Skip to main content

Cyware Fusion and Threat Response

Create Incident Workflow

You can create multiple incident workflows to respond to various types of incidents.

Note

You can create a maximum of 30 active incident workflows. However, there is no limit to the number of inactive and draft incident workflows.

Before you Start

You must have Create/Update permission for Form Management to create an incident workflow.

Steps

To create an incident workflow, do the following:

  1. Go to Admin Panel > Form Management > Incidents.

  2. On the Create Incident Workflow page:

    1. In the Incident Workflow Name field enter the name of the Incident Workflow.

    2. (Optional) Enter a description of the Incident Workflow. The description is added as a tooltip for the Incident Workflow in the list of Incident Workflows under the Incident tab.

    3. Click Save & Proceed. The Preparation page for the Incident Workflow appears.

  3. To update the name of the Preparation tab, click Edit and enter a name.

    Note

    The Preparation tab is common across all incident workflows. The updated name of the tab will reflect in all incident workflows.

  4. To add phases to the incident workflow, do one of the following:

    Note

    You can add a maximum of 10 phases to an incident workflow.

    • Search and select a phase to add.

    • If the desired phase is unavailable, create a phase to add to the incident workflow. For more information, see Create Phase.

  5. To configure the fields of a phase, drag fields from the Field Library on the right and drop them into the phase. If the desired field is unavailable, you can create a field and add it to the field library. For more information, see the Create Field section in Manage Field Library. You can do the following to organize the fields of a phase:

    • Drag fields to re-arrange the fields in a phase.

    • Maximize or minimize fields for better space management and viewing experience in a phase.

  6. (Optional) To add custom tabs to the Incident Workflow, on the Custom Tabs section, click +New.

  7. Configure the Incident Workflow:

    1. Click Configuration.

    2. Update the Incident Workflow configuration:

      Field

      Description

      Description

      Enter a description of the Incident Workflow.

      Phase Flow Type

      Select a flow type:

      • Linear: The flow of phases is sequential and users cannot move between random phases.

      • Non-linear: The flow of phases is non-sequential and users can move between random phases.

      Restrict phase transition if all mandatory fields are not filled

      Select this checkbox to restrict moving to the next phase in incidents with linear workflows if all the mandatory fields are not filled.

      This option is available only when the selected phase flow type is Linear.

      Incidents can be Closed after the Phase

      Select a phase. The incident can be closed when the incident is in the selected phase.

      This field is available if the selected Phase flow type is Linear.

  8. Click Save.

  9. (Optional) To map action templates with various phases of the incident workflow, on the top-right corner of a phase configuration, click Mapped Actions. For more information, see Manage Action Templates for Incidents.

  10. On the Incident Workflow configuration page:

    1. To save the Incident Workflow as a draft, click the Save draft button.

    2. To publish the Incident Workflow, click the Publish button.

After an Incident Workflow is published, you can add, update, or delete the fields and update the phases of the Incident Workflow. But you cannot add new phases or delete any phase from the Incident Workflow.

The Preparation tab is common to all Incident Workflows and includes the fields that are necessary to provide the initial information when creating an incident.

Note

Only single-select fields of the Preparation tab can be configured as parent parameters.

Create Phase

When creating or updating an incident workflow, if the required phase is not available in the existing list of phases, then you can create a phase and add it to the incident workflow.

To create a phase, do the following:

  1. Go to Admin Panel > Form Management > Incidents.

  2. Select an incident workflow and click Edit on the right.

  3. On the left pane, under the Phases section, click the New button. A new empty text box appears under the Phases section.

  4. In the text box, enter the name of the new phase and click the save icon. The new phase appears under the Phases section.

  5. Select the new phase.

  6. From the Field Library on the right pane, search for the required field and drag the field onto the empty space of the selected phase. If the required field is not available in the Field Library, then you can create the field.

  7. The phase is automatically saved when another phase is selected or the Incident Workflow is saved.

For more information on some frequently asked questions about phases, see Incident Workflows FAQs.

Map Actions with Incident Workflow Phase

You can map multiple action templates with various phases of an incident workflow and automatically create the actions when an incident is created. When an incident is created, CFTR automatically creates actions using the mapped action templates for each phase of the incident response.

To map actions with an incident workflow phase, do the following:

  1. Go to Admin Panel > Form Management > Incidents.

  2. Select an incident workflow and click Edit.

  3. Select a phase.

  4. Click Mapped Actions.

  5. On Select Action Templates, select the action templates to map with the incident workflow phase.

    Note

    CFTR shows the action templates that are available in the Actions Library.

  6. To create an action template, click +New Action Template. For more information, see Manage Action Templates for Incidents.

  7. Click Save.