Managing incidents - case management / ticket details

didscodan

Feb 24, 2014, 3:00:04 PM
to aan...@googlegroups.com
I've reviewed aanval, and I didn't see a good way to create a "case" or ticket to keep track of incident investigation or any other type of reporting.

For example, if we are researching a potential incident against a specific host or group of hosts, we would want to create a case where we could do the following:

  • Collect information about the event (attackers, signatures, internal systems, etc.)
  • Record our thoughts (the ticket component)
  • Attach various queries to the case
  • Email the case


Does aanval provide this type of functionality?


Thank you

SuperheroSmith

Feb 24, 2014, 3:41:10 PM
to aan...@googlegroups.com
Aanval has many options to log, add notes to event data, and report.

1. Collect information about the event (attackers, signatures, internal systems, etc.)

Aanval imports and logs all event data provided by Snort. On the dashboard or Live Event Monitor, clicking Event Details on a specific event will show you all the data provided by Snort.

2. Record our thoughts (the ticket component)

Aanval provides a tagging system. While viewing those same Event Details, you can add individual tags. Under My Options > Tag Management, you can create custom tags, aside from those default tags provided. 

Under My Options > Action Management, you can create custom actions to automatically tag events based on your own event criteria: http://wiki.aanval.com/wiki/Aanval:Action_Management

3. Attach various queries to the case

Using the My Reports option you can create custom reports to be scheduled and emailed based on event criteria.

You can also use the Advanced Search feature to return results, with the option of using multiple keywords to search very specific results: http://wiki.aanval.com/wiki/Aanval:Advanced_Search_Help

Once results are returned, you can then click the option to "Generate report from results." 

4. Email the case

When viewing any report, you can email it in PDF or text format from the My Reports menu. The report will be sent to the email address of the user currently logged in.