Incident Management Overview

Logsign Unified SecOps Platform collects data, analyzes it and visualizes it. In addition, Logsign offers many features that automate and facilitate incident response. It provides an incident management and response solution built around one-click fast response, ready-made analysis cards and MITRE Matrix approaches.

All incidents that occur in the system can be accessed from the "Incidents" tab in the Logsign web interface. Under the Incidents tab, incident values such as count, priority, risk score, status, owner and category can be followed. Analyses can be performed and the action module can be used.


When an incident is clicked, the incident card screen appears.

All the detailed information of the incident can be accessed by pressing the more button.

The Action Object, risk score value, artifact and entity information can be seen on the incident detail screen. In addition, the number of times the incident was triggered and the previous responses can be tracked.


You can see which MITRE ATT&CK Matrix the triggered alarms belong to, and the MITRE ATT&CK vector can be defined by going to the Alert Rules tab.


The NIST response stages for an incident can be followed in the upper right section, and the one-click response feature can be used with the "Action Button" in the lower right corner.


Third-party investigation tools (AbuseIPDB, VirusTotal, IBM X-Force), security devices and LDAP integrations are available for use in the action module.

The investigation results are added to the incident for enrichment, and the response results can be seen on the incident detail screen.


As a result of the received responses, the process proceeds automatically. After the incident is resolved, it can be closed by defining the reason.


 
