Incident Management

Record and manage the lifecycle of security incidents in one place - long

  • Episodes: 6
  • Duration: 6m 54s
  • Languages: EN
Episode 2

Incident Lifecycle

Define the Incident Lifecycle you will enforce on all your Incidents

Introduction

Incident Stages define the lifecycle of an incident, from the moment it is identified until it is resolved. In this episode, we give you examples of stages and also show you how they are created in eramba.

Sample Stages

There are infinite ways to treat Incidents, and there are no right or wrong answers here. eramba comes without any stages, which is why, before you create them, you need to define:

  • What the stage name will be
  • What needs to be completed in each stage in order to move to the next one

One way of defining stages (out of a million other methods: google "cybersecurity stages lifecycle" and you will see how much agreement there is on this matter) could be:

  • Identify: document what happened and what made us realize an incident was taking place. The following details must be documented in order to move to the next stage: who reported, when, and how we validated the incident.
  • Containment: document what was done to contain the incident: who, when, how.
  • Communication: document to whom this incident was communicated, and attach evidence.
  • Lessons Learned: document what was identified as the root cause and what will be done to prevent re-occurrence.

Incident Stages

In the "Settings" menu of the Incident Module, you can define the stages in the order you desire. 

Once your stages are defined, they should look like the screenshot shown below. Of course, your stages will differ from the ones on the screenshot.

From now on, every incident created will have associated stages as per your definitions.

Changing Stages

TBD