The case for incident management in a SIEM system

Log360's latest incident management system is the perfect bridge between your incident detection and response processes. The feature comes in handy for security administrators and the various agents who investigate and resolve security issues. Imagine you're the security administrator for your organization's computer network. You receive an email alert in the middle of the night from your SIEM system about a possible breach on one of your servers. Joe is in charge of this server, so you shoot him an email to look into it. The next morning, you walk in to the office and discover Joe hasn't discovered your email yet in his mound of unread messages. So, you brief him quickly and go about your other tasks. Throughout the work day, you alternate between emails, chat messages, and in-person conversations with Joe on the status of this issue, which is finally resolved by the end of the day. You probably got a mild headache just thinking about such a scenario, but you also probably recognized two pretty obvious issues with it:
  • The lack of a dedicated system to raise, assign, and track the status of the incident.
  • The few minutes you spent sending the initial email, which you would rather have spent blissfully asleep.
Now, the first issue is easily solved with help desk software like ServiceDesk Plus or ServiceNow. Implementing help desk software would ensure Joe doesn't miss the incident, as it's raised on a separate portal dedicated solely to these kinds of alerts. In this portal you could also track ticket status. The second issue could be solved in a couple of ways; you could either have a built-in ticketing system in your SIEM solution, or you could integrate your SIEM solution with an external help desk. Log360's incident management feature provides all of these features.Log360's incident management feature includes:
  • An intuitive dashboard that displays various incidents.
  • Multiple views of the dashboard, namely, incidents assigned to the logged-in user, assigned or yet to be assigned incidents, high-priority incidents, or incidents filtered by type.
  • An internal system to assign incident tickets to agents and track their status.
  • Automatic ticket assignment based on the device or device group that triggers the incident.
  • Integration with popular external incident management tools ServiceDesk Plus and ServiceNow.
With an internally integrated ticketing system as well as external integration with popular help desk software, Log360's incident management module gives organizations the flexibility to choose how to unite their security incident detection and resolution processes into one seamless process.