When suspicious activity is detected in the system, it is important to be able to investigate the situation as quickly as possible.
StoneGate Management Center aids incident case management by enabling the collection of all information about an incident in one place.
Using the Incident Cases feature, the administrator can gather all data, actions, system configuration information, and files related to a specific incident. It is also possible to print or export the incident information.
Whenever an administrator detects something suspicious or out of the ordinary, he or she can easily open a new incident case. The purpose of an incident case is to gather all related information (logs, policy snapshots, memos and files) together so that the case can be analyzed sufficiently. The investigation is faster because the administrator can find and access all related information in a single view.
During the incident management process, the administrator can record decisions and actions taken in a journal. This allows documenting answers to the key questions: who, what, when, where, why, and how. Each Journal entry is time-stamped and cannot be modified afterwards.
The Journal feature thus creates a manual audit trail of how the investigation progressed, which may be needed afterwards when the handling of the incident is reviewed.
A Player List view collects information about the various components related to an incident case. The list consists of the hosts involved in the incident. The administrator can easily add players from log entries, then investigate and comment on the role of each player in the incident.
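The following is an added illustration of the two data structures described above (a time-stamped, append-only journal and a player list populated from log entries); it is example code written for this page, not StoneGate's implementation. The log line format, the `src=`/`dst=` fields, and the SHA-256 hash chain used to make altered journal entries detectable are all assumptions made for the example, not documented StoneGate behaviour.

```python
import hashlib
import json
import re
from dataclasses import asdict, dataclass
from datetime import datetime, timezone

# Constructed sample firewall log lines (illustrative only, not real StoneGate output).
SAMPLE_LOGS = [
    "2010-03-01T10:15:02Z src=10.1.1.23 dst=192.0.2.10 action=Discard rule=DenyInbound",
    "2010-03-01T10:15:05Z src=10.1.1.23 dst=192.0.2.11 action=Discard rule=DenyInbound",
    "2010-03-01T10:15:09Z src=172.16.4.8 dst=192.0.2.10 action=Allow rule=WebAccess",
    "malformed line with no host fields",
]

# Assumed key=value layout; adjust the pattern to the real log format.
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")
GENESIS = "0" * 64


@dataclass(frozen=True)
class JournalEntry:
    """One time-stamped journal record; frozen, so attribute writes raise an error."""
    timestamp: str
    author: str
    text: str
    prev_hash: str
    digest: str


def _digest(timestamp, author, text, prev_hash):
    # Each entry commits to its predecessor, so editing or reordering breaks the chain.
    payload = json.dumps([timestamp, author, text, prev_hash]).encode()
    return hashlib.sha256(payload).hexdigest()


class IncidentCase:
    def __init__(self, name, clock=None):
        self.name = name
        # Injectable clock keeps tests deterministic; default is current UTC time.
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())
        self._journal = []
        # Player list: host -> {"role": str, "comment": str, "log_lines": [str]}
        self.players = {}

    def add_journal_entry(self, author, text):
        prev = self._journal[-1].digest if self._journal else GENESIS
        ts = self._clock()
        entry = JournalEntry(ts, author, text, prev, _digest(ts, author, text, prev))
        self._journal.append(entry)
        return entry

    @property
    def journal(self):
        return tuple(self._journal)  # read-only view of the audit trail

    def verify_journal(self):
        """Recompute the hash chain; False if an entry was altered, reordered or
        removed from the middle (truncating the tail needs an external record of
        the last digest to detect)."""
        prev = GENESIS
        for e in self._journal:
            expected = _digest(e.timestamp, e.author, e.text, e.prev_hash)
            if e.prev_hash != prev or e.digest != expected:
                return False
            prev = e.digest
        return True

    def add_players_from_logs(self, log_lines):
        """Add the src/dst hosts found in log lines to the player list; returns hosts seen."""
        seen = set()
        for line in log_lines:
            m = LOG_RE.search(line)
            if not m:
                continue  # lines without host fields contribute no players
            for host in (m["src"], m["dst"]):
                player = self.players.setdefault(
                    host, {"role": "", "comment": "", "log_lines": []})
                if line not in player["log_lines"]:
                    player["log_lines"].append(line)
                seen.add(host)
        return sorted(seen)

    def set_player_role(self, host, role, comment=""):
        """Record the analyst's assessment of a player and journal that decision."""
        self.players[host]["role"] = role
        self.players[host]["comment"] = comment
        self.add_journal_entry("system", f"player {host} classified as {role}")

    def export_json(self):
        """Export the whole case (journal and players) for printing or reporting."""
        return json.dumps({"case": self.name,
                           "journal": [asdict(e) for e in self._journal],
                           "players": self.players}, indent=2, sort_keys=True)


if __name__ == "__main__":
    case = IncidentCase("case-2010-001")
    case.add_journal_entry("admin", "Opened case after repeated Discard events")
    case.add_players_from_logs(SAMPLE_LOGS)
    case.set_player_role("10.1.1.23", "attacker", "source of the blocked connections")
    print(case.export_json(), "\njournal intact:", case.verify_journal())
```

Because every entry embeds the digest of the one before it, a later edit to the text of an earlier entry no longer matches its recorded digest and `verify_journal()` fails; the frozen dataclass only guards against accidental in-process writes, the chain is what makes tampering visible in an exported case.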
The History view shows all audit entries related to an incident case and serves as a summary of the case. Together with the Journal and Player List, it is an excellent tool for reporting an incident, and how it was resolved, to upper management. This feature is available to super users only.