Cyware Fusion and Threat Response

Configure Incident Notification Process

You can define timelines for sending email notifications to impacted business units about an incident. This enables the assigned user of the incident to request acknowledgment and additional information from the business units based on the process you define. You can configure multiple incident notification processes based on incident type, severity, impacted business unit, and impacted location.

To configure an incident notification process, do the following:

  1. Go to Admin Panel > SLA > Process > Incident Notification.

  2. In the upper-right corner, click Create.

  3. Enter a unique name for the incident notification. For example, High Priority Spearphishing Incidents.

  4. Specify the incident details such as Severity, Incident Type, Location, and Business Unit for which the notification process is applicable.

    Note

    The field titles Incident Type and Business Unit may differ based on the names configured in Admin Panel > Form Management > Incident > Incident Workflows.

  5. In Define Thresholds, enter the following details to define the timeline for sending incident notifications:

    • Primary Notification: Enter a duration from the incident opened time. Users can send an email notification to the recipients of the impacted business units after this duration has elapsed. For example, 1 hour.

    • Primary Notification to be due in: Enter a duration from the incident opened time to get an alert that the primary notification is to be due. This duration must be less than the duration of the Primary Notification. For example, 50 minutes.

    • 1st follow up: Enter a duration from the primary notification to send the first follow-up email notification. If the assigned user does not receive a response from the recipients of the impacted business unit, the user can send a follow-up email notification after this duration has elapsed. For example, 1 hour.

    • 1st follow up to be due in: Enter a duration from the primary notification time to get an alert that the first follow-up notification is to be due. This duration must be less than the duration of the 1st follow up. For example, 50 minutes.

  6. To restart the incident notification from the 1st follow-up, select Reset from 1st follow-up. When the assigned user of an incident clicks Response Received and Reset Follow-up in the Notify Business Units section of the incident summary, incident notification restarts from the 1st follow-up. This enables users to request additional information from the impacted business units. If you select Reset from 1st follow-up, then you must enter the duration for the 2nd and 3rd follow-ups. Otherwise, the 2nd and 3rd follow-up durations are optional.

  7. Click Submit.

The incident notification process is created and appears in the list of incident notifications. The incident notification process automatically applies to newly created incidents based on the incident details you have specified.
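To sanity-check a planned set of thresholds before entering them in the form, the rules from steps 5 and 6 can be modeled as below. This is an added example, not Cyware code or a Cyware API: the dictionary keys, function names, and sample incident time are hypothetical, and it assumes follow-up durations count from the primary notification due time unless an actual send time is passed in.

```python
from datetime import datetime, timedelta

# Hypothetical field names; the durations are the examples given in step 5.
PAGE_EXAMPLE = {
    "primary": timedelta(hours=1),
    "primary_alert": timedelta(minutes=50),
    "followup_1": timedelta(hours=1),
    "followup_1_alert": timedelta(minutes=50),
    "followup_2": None,  # optional unless Reset from 1st follow-up is selected
    "followup_3": None,
}

def validate_thresholds(t, reset_from_first_followup=False):
    """Return a list of rule violations (an empty list means the set is valid)."""
    errors = []
    # Each "to be due in" alert must be shorter than the duration it warns about.
    for due, alert in (("primary", "primary_alert"), ("followup_1", "followup_1_alert")):
        if t[alert] >= t[due]:
            errors.append(f"{alert} must be less than {due}")
    # Reset from 1st follow-up makes the 2nd and 3rd follow-up durations mandatory.
    if reset_from_first_followup:
        for key in ("followup_2", "followup_3"):
            if t.get(key) is None:
                errors.append(f"{key} is required with Reset from 1st follow-up")
    return errors

def timeline(opened, t, primary_sent=None):
    """Map each milestone to a timestamp for an incident opened at `opened`.

    Assumption: follow-up durations are measured from `primary_sent` when it
    is given, otherwise from the primary notification due time.
    """
    primary_due = opened + t["primary"]
    base = primary_sent or primary_due
    return {
        "primary_alert": opened + t["primary_alert"],
        "primary_due": primary_due,
        "followup_1_alert": base + t["followup_1_alert"],
        "followup_1_due": base + t["followup_1"],
    }

if __name__ == "__main__":
    opened = datetime(2024, 1, 1, 9, 0)  # constructed sample incident time
    print(validate_thresholds(PAGE_EXAMPLE, reset_from_first_followup=True))
    for name, when in timeline(opened, PAGE_EXAMPLE).items():
        print(f"{name:17} {when:%H:%M}")
```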

Manage Incident Notification Processes

You can perform the following activities to manage the incident notification processes:

  • Search for an incident notification process based on the title.

  • Filter processes based on business units, locations, incident types, created date, and last updated date.

  • Update process details. The updates apply to both existing and new incidents. If the current incident notification process does not apply to an incident anymore after the update, then the next process that is applicable to the incident as per the priority order is automatically applied. If no process is applicable, then the incident notification process is removed from the incident.

  • Activate or deactivate incident notification processes. If you deactivate a process, it is removed from all existing incidents and is not applied to new incidents.

  • Delete an incident notification process. When a process is deleted or deactivated, then the next process that is applicable to the incident as per the priority order is automatically applied. If no process is applicable, then the incident notification process is removed from the incident.

  • Reorder incident notification processes based on priority. If more than one process is applicable for an incident, then the SLA that is higher as per the priority order applies.

  • View activity logs to track updates to incident notification processes.