The case for incident management in a SIEM system
Log360's latest incident management system is the perfect bridge between your incident detection and response processes. The feature comes in handy for security administrators and the various agents who investigate and resolve security issues.
Imagine you're the security administrator for your organization's computer network. You receive an email alert in the middle of the night from your SIEM system about a possible breach on one of your servers. Joe is in charge of this server, so you shoot him an email to look into it. The next morning, you walk into the office and discover Joe hasn't found your email yet in his mound of unread messages. So, you brief him quickly and go about your other tasks. Throughout the work day, you alternate between emails, chat messages, and in-person conversations with Joe on the status of this issue, which is finally resolved by the end of the day.
You probably got a mild headache just thinking about such a scenario, but you also probably recognized two pretty obvious issues with it:
- The lack of a dedicated system to raise, assign, and track the status of the incident.
- The few minutes you spent sending the initial email, which you would rather have spent blissfully asleep.

Log360's incident management feature includes:
- An intuitive dashboard that displays various incidents.
- Multiple views of the dashboard, namely, incidents assigned to the logged-in user, assigned or yet to be assigned incidents, high-priority incidents, or incidents filtered by type.
- An internal system to assign incident tickets to agents and track their status.
- Automatic ticket assignment based on the device or device group that triggers the incident.
- Integration with popular external incident management tools ServiceDesk Plus and ServiceNow.