The Incident Response Services app works as a service level agreement (SLA) through which users determine the extent of impact of a cyber-security incident on the business and the urgency of responses by the Red Piranha Incident Response Team. The selections made by the administrator in this application have a direct impact on the incident priority levels, acknowledgment time, response time and the service target.
Note: The Incident Response Services application must be configured in order to use the ‘response features’, which allow the CE XDR administrator to escalate IDPS and AV alerts to the Red Piranha SOC team.
The Incident Response Services application can be installed from the Marketplace. For more on how to access the marketplace and install applications, go to this section.
Left-hand Navigation Menu > Compliance Controls > Incident Response Services
Configuring SLA Assets & Services involves selecting the alert types for detailed analysis by the Red Piranha incident response team, determining the extent of impact of a cyber-security incident on the business and ascertaining the urgency levels of the responses. An incident’s priority is determined by its urgency and by its impact on users and on the business. Urgency is how quickly a resolution is required; impact is the measure of the extent of potential damage the incident may cause.
How to Configure SLA Assets & Services?
Note: Before you can start using the Incident Response Services app, the SLA Assets and Services must be configured.
Step 1: In the Incident Response Services app page, click the Configure SLA Assets & Services button.
Step 2: You will now see the Select Assets/Services for SLA page. Select the services/alerts for which detailed analysis by the Red Piranha incident response team is required and then click the Next button in the top right corner.
Step 3: You will now see the list of services/alerts in the Configure Priority by Impact and Urgency page. For each of these alerts, use the Impact dropdown to select the extent of its impact: the company, multiple departments, a single department or an individual.
Note: The word ‘impact’ relates to the extent of impact on the company if the assets are unavailable and lose confidentiality or integrity. The options for the impact are Extensive/Widespread/Company, Significant/Large/Multiple departments, Moderate/Limited/Single department, and Minor/Localized/Individual.
Step 4: Now select the urgency level of the response by the Red Piranha incident response team from the Urgency dropdown and click the Next button.
Note: The urgency is a measure of how long it will be until an incident has a significant impact on the business. The four urgency level options provided here are critical, high, medium and low.
Step 5: The Review SLA Configuration page will be displayed. Review the selected settings and click the Next button.
Step 6: You will now see the Acknowledge SLA Configuration page. Review the selected services, priority level, target response and acknowledgement time, target resolution time and the service target, then click the Acknowledge button to approve.
Step 7: You will now see the activated Incident Response Services.
Step 8: Click the Start button to initiate the Incident Response Services application.