Incident Response & Ticket Management
In Polaris, Incident Response can be conducted and managed by an organization's internal team members via a ticket system. Tickets can be used to monitor, alert on, and discuss threats that are present on the site, helping you focus on the threats that matter and mitigate them within the shortest time possible.
Note: incident response will be conducted by an organization's own team unless they are part of Polaris' Managed Security Services program.
There are 2 ways a user can create an incident ticket:
- Through a Security Event. To find out more about security events and how you can use them to create incidents, check out this article: Security Events.
- Creating an incident ticket individually without the use or reference of an existing security event.
Viewing Incidents
Under Sites, click on Security Center.
Look for the Incident Response tab, as indicated by the red arrow.
You may also search for an incident using the following filters:
- Incident name
- Incident status (Open, Triage, Done)
- Assignee
- Severity Level (Low, Medium, High, Critical)
Incident Settings
You may view details about an incident by clicking on it.
You may update its status and discuss the incident with other users. Listed below are some of the options to configure an incident ticket:
- State: Open, Triage, Done
- Severity: Low, Medium, High, Critical
- Assignee (Note: An incident ticket can only be assigned to 1 primary person)
- List of participants (You are allowed to have multiple participants)
- Modify the ticket name (Click on the pencil icon beside the name)
Additional Notes
- The incident will also display the description and any files that were attached during its creation.
- A timeline will also display all changes and comments regarding the incident.
- You may add comments and attach files by scrolling to the bottom of the timeline.
- You may create an incident ticket (without referencing a security event) by clicking on +Add new incident at the bottom of the incident list.
If you would like to create an incident ticket based on a security event, please refer to this article: Security Events.
Check out our Creating Security Events Walkthrough here: