Response

Incident Response Exercises — Incident Response Exercises may be used to practice Response Procedures in order to properly respond to potential Incidents

• Configuring Objectives — Objectives are specific points that should be addressed when carrying out an Exercise
• Configuring Injections — Injections are special circumstances attached to an exercise
• Scheduling A Meeting For An Exercise — Meetings may be used to organize and communicate on an exercise.
• Generating An Exercise Report — Exercise reports may be used to organize and keep track of information regarding an exercise.

Incident Response Incidents — A cybersecurity event that has been determined to have an impact on the organization prompting the need for response and recovery.

• General Information — The general information page is where all of the information regarding the incident is stored. This includes the detailed description of the incident.
• Escalation — Features how the incident was detected and the weight of the incident.
• Creating A New Incident — Reporting an incident will help ensure that an issue is assessed and resolved.

Response Plan — The Incident Response Plan is the central place to plan and manage Incident Response procedures, guidelines, and supporting information.

• Response Playbooks — Playbooks outline the procedures to be taken in the event of an Incident in the form of a checklist. Each step of the process gets its own tab. (e.g. Detect, Analyze, Eradicate, etc.) Playbooks can be configured in or copied into Incident Response Plans, Incidents, and Exercises.
• Locations — Notable Locations can be added to Incident Response Plans. This could be the addresses and phone numbers of data centers, vendors, etc.
• General Procedures — The Response Plan includes a set of General Procedures that may be used for various types of Incidents
• Create a Response Team — A User can create Response Teams to assign to Incident Exercises or Response Plans. Point of Contacts are added to Response Teams.
• Configuring Response Teams — Response teams are a group of people that are involved in an exercise, these people are responsible for carring out that exersise to resolve any potential incidents.
• Auto-Setup a Response Plan — A User can set up an Incident Response Plan with the push of a button. When first accessing the Incident Response module, this must be done to access the rest of the module.
• Assign a Main Point of Contact — A Point of Contact may be assigned as the main contact for an Organization’s Incident Response Plan.
• Adjust Incident Classification Tiers — A user can add or edit Classification Tiers to an Organization’s Incident Response Plan.
• Creating A New Detection Type — A means for detecting potential incidents.
• Attaching/Removing A System From An Incident Response Plan — Individual Systems may be configured with custom Response Playbooks and evaluated during Exercise and Incident scenarios.