SIEM for ITIL Incident Response - Part 2 - AlienVault
[Flow diagram (page 13): SIEM Incident Management Platform. The figure itself is not reproduced; the components shown are Security Controls and Critical Systems feeding Log Aggregation; Log Correlation and Correlation Rule Tuning; Event Aggregation to Intelligent Case Groupings; Incident Records; Record Resolution in Incident Record; Escalate to Remediate Incident/Issue; Change Management; Root Cause Investigation; Incident Response Analysts; and the supporting Asset Management, Policy Management, Org Management, Risk Management and Config Management functions.]

Annotations in the diagram:
- SIEM may have some Asset Management capability/integration.
- Security events are now automatically grouped into viable Incident Records by mapping entities to business roles.
- External escalation and tracking is now part of the same app workflow.
- Incidents are continually mapped back to Risk Management to provide true business Root Cause Analysis.
- Incidents are mapped to Configuration Management data to close the window of exposure caused by changes.
- Analysts now perform their recording in the Incident Management App, largely within pre-generated records.