Highlights
  • Central place to collect and analyze incident data
  • Investigator actions can be recorded
  • Time-stamped journal for audit trail
  • Incident case can be printed out
  • Live monitoring of the incident case progress

Incident Management

When suspicious activity is detected in the system, it is important to investigate the situation as quickly as possible.

StoneGate Management Center aids in incident case management by enabling the collection of all information about an incident.

Using the Incident Cases element, the administrator can gather all data, actions, system configuration information and files related to a specific incident. It is also possible to print and export the incident information.

Whenever an administrator detects something suspicious or extraordinary, he can easily open a new incident case for collecting information related to this issue.

The purpose of an incident case is to gather all the related information (Logs, Policy Snapshots, Memos and Files) together so that it can be easily analyzed. The investigation of the incident is faster since the administrator can easily find and access that information in a single view.

During the incident management process, the administrator can record the decisions made and actions taken in a Journal. This allows documenting answers to the key questions: who, what, when, where, why, and how.

Each Journal entry is time-stamped and cannot be modified afterwards.

The Journal creates a manual audit trail of how the investigation progressed, which may be needed afterwards when the handling of the incident is analyzed.

A Player List view collects information about the various components related to an incident case. It is a list of the hosts involved in the incident. The administrator can easily add players from the log entries and then investigate their role in the incident. It is possible to add comments to the view on the role of each player in the incident.

The History view shows all the audit entries related to this incident case. Only a super user can use this function. This works as a summary of the incident case. Together with the Journal and Player List, it is an excellent tool for reporting an incident and how it was resolved to upper management.

Benefits

  • Accelerates incident handling and reduces incident costs
  • Provides good reports about incident handling and its progress
  • Creates organizational memory about past incidents
  • Helps to train new administrators in the incident management process