Other Incident Response Operations
After creating an incident, you can perform other key response operations to efficiently manage incidents.
Steps
To perform other incident response operations, follow these steps:
Go to Menu > Incidents, and select an incident.
You can perform the following response operations:
Follow: Click
to track and stay informed about the incident. You can view the incidents you are following by using the filter Following. Refresh: Click
to view the latest updates of the incident.Pause: Click More, and select Pause to pause the incident. Pausing the incident stops the time tracking and cost tracking. For more information, see Pause Incident.
Mark as Protected: Click More, and select Mark as Protected to protect confidential information associated with the incident. This ensures that users within the assigned user group can only modify the incident details. For more information, see Protect Incidents.
Export: Click More, and select Export to export the details of an incident in PDF format and share it with other users. For more information, see Export Incident Details.
Enable Teams Notifications: To enable Microsoft Teams notifications for the incident, click More, and select Enable Teams Notifications. This feature is only available if Microsoft Teams is integrated and enabled by your administrator in Respond. For more information, see Integrate Microsoft Teams.
Restart Walkthrough: To view a quick walkthrough of the incident response features, click More, and click Restart Walkthrough.
Change Layout: To change the layout for the incident response, click
. For more information, see Change Layout.Quick Access Bar: You can easily access key response tools in all the tabs using the quick access bar. For more information, see Quick Access Bar.
Change Layout
After you create an incident, you can choose from the two layouts to proceed with the subsequent stages of the incident response process.
The following layouts are available for incident response:
New Layout: The new layout offers a streamlined interface for improved navigation across tabs, enhancing user experience. It provides easy access to major features and is integrated with AI to provide suggestions for faster incident response. For more information, see Incident Response (New Layout).
Classic Layout (Default): The classic layout retains the conventional interface, offering users a familiar experience as they navigate through multiple tabs to respond effectively to incidents.
Steps
To change the layout of the incident response, follow these steps:
Go to Menu > Incidents, and select an incident.
Click Change Layout.
Select a layout, and click Save.
Quick Access Bar
The quick access bar expedites the incident response process by providing quick access to essential response features like Automations, Connect the Dots, Playbooks, Input Required, and Notes.
The following are the features of the quick access bar:
Automations: View and run automated playbooks or certain actions of playbooks associated with the phases of the incident. For more information, see Configure Automation.
Connect the Dots: Connect components and threat intel related to the incident to gain contextual information and identify the root cause. For more information, see Connect the Dots.
Playbooks: View and run related Orchestrate playbooks to respond to the incident. For more information, see Actions and Playbooks.
Notes: View all the notes added to the incident. You can also add a note to the incident.
Input Required: View playbooks that require input data to run. When the Orchestrate playbooks are run in an incident, and if they require any input data, you can quickly access those playbooks to provide inputs.