Smart Incident Management
- 07 Aug 2023
Overview
Smart incident management can accurately predict if an incident is a cluster of false-positive alerts and take action on that incident, without waiting for you to do anything.
This feature will:
- Identify false positive incidents based on diversity index and other indicators.
- Automatically close incidents identified as false positive.
- Introduce whitelist filters to prevent the creation of closed incidents in the future.
- Send notifications for automatically closed incidents and new whitelist filters.
- Ensure automatically closed incidents can be re-opened for further investigation if required.
- Only apply to incidents in the New state, so that any incident that is in progress is not considered for automatic closure.
- Close an incident if at least 99% of its alerts belong to the same detection.
- Whitelist a destinationIP if it is impacted by at least 90% of alerts.
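The following is an added illustration, not the product's own code, of how the two percentage rules and the New-state guard listed above could be evaluated over an incident's alerts when auditing what would be auto-closed. The incident schema, the `detection` and `state` field names, the helper names and the choice to evaluate whitelisting only for closed incidents are assumptions; the diversity index and other indicators are not defined on this page and are not modelled.

```python
from collections import Counter

CLOSE_PCT = 99      # from the page: >= 99% of alerts share one detection
WHITELIST_PCT = 90  # from the page: destinationIP impacted by >= 90% of alerts


def evaluate_incident(incident):
    """Apply the two percentage rules to one incident.

    Assumed (hypothetical) schema:
    {"state": str, "alerts": [{"detection": str, "destinationIP": str}, ...]}
    """
    decision = {"close": False, "whitelist": [], "reason": ""}
    alerts = incident.get("alerts", [])

    # Incidents already in progress are never auto-closed.
    if incident.get("state") != "New":
        decision["reason"] = "not in New state"
        return decision
    if not alerts:
        decision["reason"] = "no alerts"
        return decision

    total = len(alerts)
    detection, hits = Counter(a["detection"] for a in alerts).most_common(1)[0]
    # Integer arithmetic avoids float rounding at the threshold boundary.
    if hits * 100 < total * CLOSE_PCT:
        decision["reason"] = f"top detection covers only {hits}/{total} alerts"
        return decision

    decision["close"] = True
    decision["reason"] = f"{hits}/{total} alerts from detection {detection!r}"
    # Assumption: whitelist candidates are evaluated only for closed incidents.
    ip_counts = Counter(a["destinationIP"] for a in alerts if a.get("destinationIP"))
    decision["whitelist"] = sorted(
        ip for ip, n in ip_counts.items() if n * 100 >= total * WHITELIST_PCT
    )
    return decision


def make_incident(state, total, top_detection_hits, top_ip_hits):
    """Build a constructed sample incident (documentation IP ranges only)."""
    return {"state": state, "alerts": [
        {"detection": "det-A" if i < top_detection_hits else "det-B",
         "destinationIP": "192.0.2.10" if i < top_ip_hits else f"198.51.100.{i}"}
        for i in range(total)
    ]}


if __name__ == "__main__":
    for args in [("New", 200, 199, 185), ("New", 100, 98, 100), ("In Progress", 50, 50, 50)]:
        print(args, evaluate_incident(make_incident(*args)))
```

Running the same check over historical incidents before enabling the toggle shows which destinationIP values would have been whitelisted, so they can be reviewed first.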
Configuring Smart Incident Management
You can activate Smart incident management from a toggle inside the Settings tab, as shown below:
You can then set:
- Incident size
- Severity index
- Minimum artifacts
Short Term Notification
The screenshot below provides an example of a short-term notification:
© 2024 Cisco and/or its affiliates. All rights reserved.