The Red Canary platform includes basic incident response and detection workflow management capabilities. For security teams without incident or ticket management systems, this is often just enough workflow to coordinate among your team.
Our detection workflow includes the following features:
- Detections can be acknowledged, notifying others that a specific user has seen and may be working on that detection.
- Notes can be added to detections and viewed by others on your team. These are useful for recording information that you identify during your response, context from your incident response team, etc.
- Detections can be marked as remediated or not remediated when your response is completed.
Acknowledging a detection
You can acknowledge a detection to inform others on your team that you have seen or are working on that detection.
To acknowledge a detection:
- Click Confirmed Threats in the site navigation.
- Click the title of the detection you wish to acknowledge.
- At the top of the detection timeline, click Acknowledge.
- The detection will be marked as acknowledged.
Adding notes to a detection
You can add text-based notes to detections that are visible to you and your team. All notes support Markdown syntax for basic formatting.
To add a note to a detection:
- Click Confirmed Threats in the site navigation.
- Click the title of the detection you wish to add a note to.
- Under the Add a note for you or your team's record… section, enter text / Markdown notes.
- Click Save.
To remove a note from a detection:
- Click the trash icon to remove the note from the detection.
How should I communicate with my Red Canary team about a detection?
Notes are designed for you and your internal team and are not intended for communicating with Red Canary. To send specific notes and questions to Red Canary’s incident handling team, use the separate question section on the detection.
To send a note about a detection to Red Canary’s incident handling team:
- Click Confirmed Threats in the site navigation.
- Click the title of the detection you have a question about.
- Under the Ask your Red Canary incident handler a question about this detection... section, enter text / Markdown notes.
- Click Save.