Cyware Fusion and Threat Response

View Incident Summary

You can track the overall progress of the incident under Summary. You can view the following details in the incident summary:

  • Phases: Displays the phases of the incident response as per the applicable incident workflow. Each phase card displays the following details:

    • The name of the phase.

    • The number of mandatory fields to be filled.

    • The completion status of the phase as a percentage. Hover over the circle next to the phase name to view the percentage.

  • Incident Phase Timeline: Displays phase-wise progress of the incident response, total time spent on the incident, and the time spent on each phase of the incident response. A green tick mark on a phase indicates that the phase has been completed. A blue blinker on a phase shows the current phase.

  • Total Open Actions: Displays the total number of actions that are added to the incident. Click Total Open Actions to view the list of actions. You can also view the number of actions assigned to you and your group.

  • Playbook Execution: Displays the number of associated Orchestrate Playbooks that have failed, are currently running, or require user input. Click a number to view the Playbook run logs.

  • Automations: Displays the automation associated with the incident. For more information, see Run Automation.

  • Notification Sending Activity: Displays the timeline of email notifications and all the follow-up notifications sent to the business units. Under Notification Sending Activity, you can send email notifications to the recipients of a business unit about incident creation. For more information, see Notify Business Units.

    Note

    CFTR displays Notification Sending Activity in the incident summary if the following conditions are met:

    • Your administrator has enabled the Notification SLA in Admin Panel > SLA > Incident > Notification SLA.

    • A notification SLA is applicable for the incident.

Notify Business Units

You can send email notifications to the impacted business units when an incident is created. The primary notification is the initial notification about an incident that impacts the business unit.

You can notify business units using the following notification types:

  • Primary notification: You can send an initial notification regarding an incident that impacts the business unit. Use primary notifications to request acknowledgment and additional information to respond to the incident effectively.

  • Follow-up notification: In cases where no response is received following the primary notification, you have the option to send up to three follow-up notifications. These follow-up notifications can be sent at designated intervals in accordance with the incident notification timeline specified by the administrator. 

Before you Start

Ensure that an email server is configured to send the email notifications. For more information, see Configure Email Server.

Steps

To notify the impacted business unit about an incident, do the following:

  1. Go to Menu > Incidents and open an incident.

  2. Go to Response > Summary.

  3. Under Notify Business Units, hover over Primary Notification and click Send Notification.

    Note

    You can send the primary notification only when it is due.

  4. Add the following recipients to send the email notification:

    • Customer Email IDs: Enter the email IDs of the recipients of the business unit. By default, you can send the notification to the recipients of the business unit configured by the administrator. For more information, see Manage Business Units.

    • Internal Users: Select the application users from the list of active users added by the administrator in User Management. 

  5. Click Submit.

The application sends an email notification to the recipients using the email template configured by your administrator for the impacted business units. If no template is configured, the default template is used. 

Send Follow-up Notifications

Once the primary email notification is sent, the 1st follow-up timer begins. You should expect a response from the impacted business unit before the 1st follow-up is due. If no response is received, you can send a follow-up notification. You can send up to three follow-up notifications.

If you receive a response, do one of the following based on the incident notification process configured by the administrator:

  • Click Response Received and Reset Follow-up to restart the incident notification process from the 1st follow-up. You can send follow-up emails to request additional information from the business unit.

  • Click Response Received to stop the incident notification process for the incident. After the notification process is stopped, you can no longer send email notifications to the impacted business unit.