11.4.10
Yokohama, Xanadu, Washington DC, Vancouver Patch 4, Vancouver
Security Incident Response includes a new user interface, the Security Analyst Workspace, which features powerful tools for assisting in analysis, including playbooks, peek view, and tabs for working on multiple security incidents.
Purpose-built for security analysts, the powerful tools in the Security Analyst Workspace allow you to analyze the growing volume of data associated with security incidents. Automated actions significantly reduce security incident investigation time, which can be the difference between stopping an attack and suffering a breach.
The Security Analyst Workspace includes the following key features:
- Locate the security incidents you want to investigate using quick filters.
- Identify the columns you want to view, sort columns, and create on-the-fly filters to drill down to the security incident of interest.
- View the key information about a security incident using the Peek View before drilling into the incident details.
- Organize artifacts such as observables, configuration items, and affected users on the flexible Overview tab.
- Use Incident tabs to work on multiple security incidents simultaneously.
- View playbooks and advance the incident response process by completing the playbook tasks.
- View the original phishing email associated with an incident to kick-start the investigation.
- Launch automation to perform Threat Intelligence lookups, observable enrichment, email search-and-delete, and observable blocking to comprehensively respond to phishing and other incident types.
- Perform quick actions on security incident-related artifacts, such as adding or editing observables, affected users, and affected CIs from the related lists.
- View the related security incidents and child security incidents associated with the incident.
- Add work notes to the incident from the Overview and Explore tabs and task-specific work notes within the playbook view.
- View the timeline of investigative activities recorded during the incident response and filter for events of interest.
- Change the incident state as you progress through the response procedures and close the incident.
- The Security Administrator can create new primary incident filters and quick filters.
- Analysts can personalize their primary and quick incident filter lists.
- Analysts can personalize the incident list columns.
- Analysts can add/remove tags on the security incident and related lists.
- Analysts can add or change incident assignment groups and assign/re-assign incidents to other analysts.
- Analysts can add custom response tasks to the incident playbook and change assignments on response tasks.
- Analysts can send email communications from the incident or the response task using predefined templates.
- Response tasks support multiple outcome types.
- Additional Related Lists are now available on the UI.
- Performance fixes to resolve the slow page loading time.