Source: Sift Security Blog

Effective Management of Security Incidents

You'll be excited to hear that we released an additional tab under the Risks view of our product, to enable Incident Management. The Incidents tab surfaces the highest fidelity alerts that should be prioritized in terms of investigations and/or proactive hunting, and enables management of those incidents. Here's what you need to know about this new tab:

What are the key features?

- Visualization: dashboards and tables summarizing incidents
- Creation: create / edit incidents, manually or automatically
- Notification: set up notification options (Ticketing, Slack, Email, etc.)
- Workflow: assign & change status of incidents
- Investigations: investigate incidents, pivot to alerts, search, or the graph canvas

What dashboards are available?

- View Incidents by status and priority
- View trending metrics, such as # of open incidents over time
- Filterable table with time, description, priority, status, affected entities, and more

How are Incidents created?

- Incidents can be created manually from one or more individual alerts
- Alert clusters, which are chains of interrelated alerts, automatically create incidents by default
- Rules and anomalies can be configured to create incidents (for example, create an incident for all critical Wildfire alerts)

What notification options are available?

- Out of the box notification options include Email, Slack, ServiceNow
- Users can add their own integrations or request additional integrations

What workflow is enabled?

- Users can sort incidents by time and priority
- Users can assign incidents to users of Sift Security
- Users can change the stage of incidents (e.g. Analysis, Remediate, Closed)
- Users can provide feedback on the incident (e.g. False Positive)

What investigations and remediation capabilities are possible?

- Users can see all the alerts that constitute an Incident
- Users can see the raw details in Search
- Users can investigate the Incident using the Graph Canvas, visualizing the alerts and context
- Users can select from out of the box integrations to take action
- Users can add custom integrations to facilitate remediation

For further reading, check out docs.siftsecurity.com, and learn more about how to take advantage of these new incident management capabilities.
