Smart Incident Management
  • 07 Aug 2023


Overview

Smart incident management can accurately predict if an incident is a cluster of false-positive alerts and take action on that incident, without waiting for you to do anything.

This feature will:

  • Identify false positive incidents based on diversity index and other indicators.
  • Automatically close incidents identified as false positive.
  • Introduce whitelist filters to prevent the creation of closed incidents in the future.
  • Send notifications for automatically closed incidents and new whitelist filters.
  • Ensure automatically closed incidents can be re-opened for further investigation if required.
  • Only apply to incidents in the New state, so that any incident that is in progress is not considered for automatic closure.
  • Close an incident if at least 99% of its alerts belong to the same detection.
  • Whitelist a destinationIP if it is impacted by at least 90% of the alerts.
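
The last three rules in the list above can be checked offline against exported incident data. The sketch below is an added illustration, not the product's own code: the record shape, the state name "In Progress", the detection names and the addresses are assumptions, and the diversity index and other indicators are not modelled.

```python
from collections import Counter

CLOSE_PCT = 99      # "at least 99% of alerts belong to the same detection"
WHITELIST_PCT = 90  # "destinationIP ... impacted by at least 90% of alerts"

def evaluate_incident(incident):
    """Return (auto_close, whitelist_ips) for one incident.

    Hypothetical record shape:
    {"state": str, "alerts": [{"detection": str, "destinationIP": str}, ...]}
    """
    alerts = incident["alerts"]
    # Only incidents in New state are candidates; an empty incident has nothing to judge.
    if incident["state"] != "New" or not alerts:
        return False, []
    total = len(alerts)
    # Integer arithmetic avoids float rounding right at the 99% boundary.
    top = Counter(a["detection"] for a in alerts).most_common(1)[0][1]
    if top * 100 < CLOSE_PCT * total:
        return False, []
    # Assumption: whitelist candidates are only derived for incidents that qualify for closure.
    by_ip = Counter(a["destinationIP"] for a in alerts)
    ips = sorted(ip for ip, n in by_ip.items() if n * 100 >= WHITELIST_PCT * total)
    return True, ips

def make_alerts(detections, destinations):
    """Build constructed alerts from {detection: count} and {destinationIP: count}."""
    dets = [d for d, n in detections.items() for _ in range(n)]
    ips = [ip for ip, n in destinations.items() for _ in range(n)]
    return [{"detection": d, "destinationIP": ip} for d, ip in zip(dets, ips)]

# Constructed sample incidents (detection names and addresses are made up).
NOISY = {"state": "New", "alerts": make_alerts(
    {"det-A": 99, "det-B": 1}, {"192.0.2.10": 95, "192.0.2.20": 5})}
IN_PROGRESS = {"state": "In Progress", "alerts": NOISY["alerts"]}
MIXED = {"state": "New", "alerts": make_alerts(
    {"det-A": 98, "det-B": 2}, {"192.0.2.10": 100})}
SPREAD = {"state": "New", "alerts": make_alerts(
    {"det-A": 100}, {"192.0.2.10": 50, "192.0.2.20": 50})}

if __name__ == "__main__":
    for name, inc in [("NOISY", NOISY), ("IN_PROGRESS", IN_PROGRESS),
                      ("MIXED", MIXED), ("SPREAD", SPREAD)]:
        print(name, evaluate_incident(inc))
```

Running the same check over incidents that were closed automatically is one way to confirm that each closure and each new whitelist filter matches the stated thresholds before relying on it.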

Configuring Smart Incident Management

You can activate Smart incident management using the toggle in the Settings tab, as shown below:

image.png

You can then set:

  • Incident size
  • Severity index
  • Minimum artifacts

Short Term Notification

The screenshot below provides an example of a short-term notification:

image.png

© 2024 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms

For legal information about Accedian Skylight products, please visit: Accedian legal terms and trademarks


