Security stages
The following stages are used in the Security Incident Handling line of business:
A runbook contains predefined tasks with stages assigned to them. A runbook might not include tasks from all stages. For example, a runbook can have tasks from only the Analysis, Contain, and Eradicate stages.
A case agent cannot modify the out-of-the-box stages. The agent can only assign a stage to ad hoc tasks.
Learn how you can assign stages to ad hoc tasks in Viewing the stages of tasks and assigning stages to ad hoc tasks.
Scenario
When a phishing attack occurs in Apex Global, a security case is created through the CrowdStrike scanning tool.
Bill, a case agent, starts working on the "Confirm phishing attack" task in the case, which is the first Analysis stage. In the Contain stage, he scans the endpoints, updates the email protection software, and removes the email. He then removes the malware from the endpoint in the Eradicate stage. Later he shares the actions and precautions for such a phishing attack in the Review stage.
The following image shows the stages of the tasks in the scenario:
Runbook
The runbook is a cybersecurity framework for containing security issues. It provides high-level guidance and a systematic methodology for managing cybersecurity risk. It contains a set of tasks that a security case agent must complete to resolve a security issue. The runbook is provided out of the box with the tasks and their respective stages for a security case. Each security content use case comes with its own runbook.
The following image shows the Runbook tab in a security case:
Where to go from here
Viewing the stages of tasks and assigning stages to ad hoc tasks