Smart Incident Management
- Updated on 07 Aug 2023
Overview
Smart incident management can accurately predict if an incident is a cluster of false-positive alerts and take action on that incident, without waiting for you to do anything.
This feature will:
- Identify false positive incidents based on diversity index and other indicators.
- Automatically close incidents identified as false positive.
- Introduce whitelist filters to prevent the creation of closed incidents in the future.
- Send notifications for automatically closed incidents and new whitelist filters.
- Ensure automatically closed incidents can be re-opened for further investigation if required.
- Only apply to incidents in New state, so that any incident that is in progress is not considered for automatic closure.
- Close an incident if at least 99% of its alerts belong to the same detection.
- Whitelist a destinationIP if it is impacted by at least 90% of alerts.
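The two percentage thresholds and the New-state condition listed above, applied to a single incident, as an added example (not Accedian's code). The incident and alert dictionary shape, the function name and the choice to derive whitelist entries only for incidents that are being closed are assumptions; the diversity index and other indicators are not defined on this page and are not modelled.

```python
from collections import Counter

CLOSE_PCT = 99      # page: at least 99% of alerts belong to the same detection
WHITELIST_PCT = 90  # page: destinationIP impacted by at least 90% of alerts


def evaluate_incident(incident):
    """Return (close, whitelist_ips) for one incident.

    Assumed shape (hypothetical, not the product's schema):
    {"state": "New", "alerts": [{"detection": str, "destinationIP": str}, ...]}
    """
    alerts = incident.get("alerts", [])
    # Only incidents in New state are candidates; an incident that is in
    # progress (or has no alerts to measure) is never closed automatically.
    if incident.get("state") != "New" or not alerts:
        return False, []

    total = len(alerts)
    # Count of the single most common detection among the incident's alerts.
    top = Counter(a["detection"] for a in alerts).most_common(1)[0][1]
    # Integer comparison avoids floating-point rounding at the 99% boundary.
    if top * 100 < CLOSE_PCT * total:
        return False, []

    # Assumption: whitelist filters are derived only for incidents being closed.
    ip_counts = Counter(a["destinationIP"] for a in alerts)
    whitelist = sorted(ip for ip, n in ip_counts.items()
                       if n * 100 >= WHITELIST_PCT * total)
    return True, whitelist


# Constructed sample: 200 alerts, 199 from one detection (99.5%),
# 185 of them hitting the same destinationIP (92.5%).
SAMPLE = {
    "state": "New",
    "alerts": [
        {"detection": "other-rule" if i == 0 else "noisy-rule",
         "destinationIP": "192.0.2.10" if i < 185 else "192.0.2.11"}
        for i in range(200)
    ],
}

if __name__ == "__main__":
    print(evaluate_incident(SAMPLE))
```

Running such a check over exported incidents before enabling the toggle shows which ones would be closed and which destinationIP values would end up in whitelist filters.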
Configuring Smart Incident Management
You can activate Smart incident management from a toggle inside the Settings tab, as shown below:
You can then set:
- Incident size
- Severity index
- Minimum artifacts
Short Term Notification
The screenshot below provides an example of a short-term notification:
© 2024 Accedian Networks Inc. All rights reserved. Accedian®, Accedian Networks®, the Accedian logo™, Skylight™, Skylight Interceptor™ and per-packet intel™, are trademarks or registered trademarks of Accedian Networks Inc. To view a list of Accedian trademarks visit: http://accedian.com/legal/trademarks/.