PIRs
Priority Intel Requirements (PIRs) are requests that security analysts raise to ask security team members, such as incident managers or Chief Information Security Officers (CISOs), for security information. Security analysts can also raise PIRs to request approval to perform a security-related operation. PIRs help security analysts to:
Evaluate the incident response effectiveness
Identify and fix issues within the security posture of an organization
Identify whether all the corrective actions and enhancements are in place to prevent future attacks
PIRs Management Flow
The following illustration shows the overall workflow to manage PIRs.
Create PIR: Create a PIR to request security information or approval. For example, requesting security-related information on a sensitive IP address, requesting approval to remove an infected endpoint, and more. For more information, see Create PIR.
Assign Users: Assign the security team members from whom you need the information or approval. The assigned users must be members of the assigned user group. For more information, see Assign User.
Analyze PIR Summary: Analyze the PIR summary to understand the requirements of the PIR.
Provide Requested Information: Provide the requested information in the PIR notes.
Close PIR: Move the action status to Closed.
You can use the following features to manage a PIR effectively:
Activity Logs: Track all the updates of a PIR. During retrospection of the PIR, you can use the activity logs to trace a specific PIR update. You can search, filter, and export the activity logs. For more information, see Manage Activity Logs.
Connect the Dots: Connect related modules with the PIR to draw contextual information about the PIR requirements. For more information, see Connect the Dots.
Attachments: Upload external files related to the PIR as attachments. You can upload files of any format or size. For more information, see Add Attachments.