---
Activities:
  Activity-5d4d5471b8dafb2edaaa5d7cd27b548d:
    ActivityDialogs:
    - ActivityDialog-d7634a8d86aeb6e2d9639c22803a5ce3
    ChangeTime: 2023-07-19 14:48:44
    Config:
      ActivityDialog:
        '1': ActivityDialog-d7634a8d86aeb6e2d9639c22803a5ce3
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
    CreateTime: 2023-07-17 14:07:36
    EntityID: Activity-5d4d5471b8dafb2edaaa5d7cd27b548d
    ID: 6
    Name: Follow-up Investigation
  Activity-6d8c9b43dfd087a5ec6da3603d0a1bef:
    ActivityDialogs:
    - ActivityDialog-ee4e52cc45e6d3e7db92fdfa3f3a4d13
    ChangeTime: 2023-07-19 10:40:33
    Config:
      ActivityDialog:
        '1': ActivityDialog-ee4e52cc45e6d3e7db92fdfa3f3a4d13
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
    CreateTime: 2023-07-19 10:37:19
    EntityID: Activity-6d8c9b43dfd087a5ec6da3603d0a1bef
    ID: 7
    Name: Incident Review
  Activity-79bfb0d70bcc441b2224bd46ada0f48d:
    ActivityDialogs:
    - ActivityDialog-73ad0e0bcf7ccde99e6617a1ecaf21a9
    ChangeTime: 2023-07-17 14:06:24
    Config:
      ActivityDialog:
        '1': ActivityDialog-73ad0e0bcf7ccde99e6617a1ecaf21a9
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
    CreateTime: 2023-07-17 14:02:39
    EntityID: Activity-79bfb0d70bcc441b2224bd46ada0f48d
    ID: 5
    Name: Collect Investigation Data
  Activity-8ac04b084fb87737a437773e9b138de7:
    ActivityDialogs: []
    ChangeTime: 2023-07-19 10:42:35
    Config:
      Scope: Global
    CreateTime: 2023-07-19 10:42:35
    EntityID: Activity-8ac04b084fb87737a437773e9b138de7
    ID: 8
    Name: Incident Record Closed
ActivityDialogs:
  ActivityDialog-73ad0e0bcf7ccde99e6617a1ecaf21a9:
    ChangeTime: 2023-07-19 14:49:20
    Config:
      DescriptionLong: "* Determine whether the incident is isolated\r\n* Look for factors explaining abnormal behavior\r\n* Estimate potential impact"
      DescriptionShort: Data collected by reporter
      FieldDetails:
        Article: &1
          Config:
            Body: ''
            CommunicationChannel: Phone
            IsVisibleForCustomer: '1'
            StandardTemplateAutoFill: '1'
            StandardTemplateID:
            - '3'
            Subject: Reporters Estimation
            TimeUnits: '0'
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '2'
        DynamicField_IRPContainmentSteps: &2
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentEnd: &3
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentStart: &4
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '2'
        DynamicField_IRPScope: &5
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
      FieldOrder:
      - DynamicField_IRPIncidentStart
      - DynamicField_IRPIncidentEnd
      - DynamicField_IRPScope
      - Article
      - DynamicField_IRPContainmentSteps
      Fields:
        Article: *1
        DynamicField_IRPContainmentSteps: *2
        DynamicField_IRPIncidentEnd: *3
        DynamicField_IRPIncidentStart: *4
        DynamicField_IRPScope: *5
      Interface:
      - AgentInterface
      - CustomerInterface
      Permission: ''
      ProcessEntityID: ''
      RequiredLock: ''
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
      SubmitAdviceText: ''
      SubmitButtonText: ''
    CreateTime: 2023-07-17 14:03:05
    EntityID: ActivityDialog-73ad0e0bcf7ccde99e6617a1ecaf21a9
    ID: 4
    Name: Personal Investigation Report
  ActivityDialog-d7634a8d86aeb6e2d9639c22803a5ce3:
    ChangeTime: 2023-07-19 21:15:58
    Config:
      DescriptionLong: "* Classify incident into Level 1 , 2 or 3\r\n\r\nThe following descriptions can be used to determine what response the IRT will take:●Low: Indicates attempted suspicious activity that did not compromise the network or that involves sensitive data. Limited impact or minor disruption to business operations. Isolated event (single client).●Medium: Indicates suspicious activity that deviates from normally observed behavior and, depending on the use case, may be indicative of a resource compromise that may involve confidential or public data. Important or severe impact or significant disruption to business operations.●High: Indicates the resource in question is compromised and is being used for unauthorized purposes. Negative impact to business reputation, negative client reaction, financial and liability impacts. A security incident impacting 25% of users must be set to High.\r\n\r\n* Contain and isolate\r\n* Communicate incident details to key stakeholders\r\n* Send template response to other partners"
      DescriptionShort: IRT Investigation Record
      FieldDetails:
        Article: &6
          Config:
            Body: ''
            CommunicationChannel: Phone
            IsVisibleForCustomer: '0'
            StandardTemplateAutoFill: '0'
            StandardTemplateID: []
            Subject: Report Update
            TimeUnits: '0'
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPContainmentSteps: &7
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPCorrectiveAction: &8
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentEnd: &9
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentStart: &10
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPLocation: &11
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPRootCause: &12
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPScope: &13
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentLevel: &14
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPPotentialImpact: &15
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        State: &16
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '2'
      FieldOrder:
      - DynamicField_IRPIncidentLevel
      - DynamicField_IRPScope
      - DynamicField_IRPLocation
      - DynamicField_IRPIncidentStart
      - DynamicField_IRPIncidentEnd
      - DynamicField_IRPPotentialImpact
      - DynamicField_IRPContainmentSteps
      - Article
      - DynamicField_IRPCorrectiveAction
      - DynamicField_IRPRootCause
      - State
      Fields:
        Article: *6
        DynamicField_IRPContainmentSteps: *7
        DynamicField_IRPCorrectiveAction: *8
        DynamicField_IRPIncidentEnd: *9
        DynamicField_IRPIncidentStart: *10
        DynamicField_IRPLocation: *11
        DynamicField_IRPRootCause: *12
        DynamicField_IRPScope: *13
        DynamicField_IRPIncidentLevel: *14
        DynamicField_IRPPotentialImpact: *15
        State: *16
      Interface:
      - AgentInterface
      Permission: ''
      ProcessEntityID: ''
      RequiredLock: ''
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
      SubmitAdviceText: ''
      SubmitButtonText: ''
    CreateTime: 2023-07-19 10:11:51
    EntityID: ActivityDialog-d7634a8d86aeb6e2d9639c22803a5ce3
    ID: 5
    Name: Investigation Record
  ActivityDialog-ee4e52cc45e6d3e7db92fdfa3f3a4d13:
    ChangeTime: 2023-07-19 21:17:06
    Config:
      DescriptionLong: "IRT Review and Analysis (pending 1 Week after Resolution)\r\n\r\n* Review all evidence collected\r\n* Track investigation\r\n\r\nResults of the investigation conducted to determine the root cause of the compromise and evaluate the effectiveness of the Incident Response Plan.1Other security controls to determine their appropriateness for the current risks.2Any identified \ areas in which the plan, policy, or security control can be made \ more effective or efficient, must be updated accordingly"
      DescriptionShort: Review Record
      FieldDetails:
        Article: &17
          Config:
            Body: ''
            CommunicationChannel: Phone
            IsVisibleForCustomer: '1'
            StandardTemplateAutoFill: '1'
            StandardTemplateID:
            - '3'
            Subject: IRP Review and Analysis
            TimeUnits: '0'
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '2'
        DynamicField_IRPContainmentSteps: &18
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPCorrectiveAction: &19
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentEnd: &20
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentStart: &21
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPLocation: &22
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPPreventionAction: &23
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPRootCause: &24
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPScope: &25
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPIncidentLevel: &26
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        DynamicField_IRPPotentialImpact: &27
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '1'
        State: &28
          DefaultValue: ''
          DescriptionLong: ''
          DescriptionShort: ''
          Display: '2'
      FieldOrder:
      - Article
      - DynamicField_IRPIncidentStart
      - DynamicField_IRPIncidentEnd
      - DynamicField_IRPPotentialImpact
      - DynamicField_IRPIncidentLevel
      - DynamicField_IRPScope
      - DynamicField_IRPLocation
      - DynamicField_IRPContainmentSteps
      - DynamicField_IRPRootCause
      - DynamicField_IRPCorrectiveAction
      - DynamicField_IRPPreventionAction
      - State
      Fields:
        Article: *17
        DynamicField_IRPContainmentSteps: *18
        DynamicField_IRPCorrectiveAction: *19
        DynamicField_IRPIncidentEnd: *20
        DynamicField_IRPIncidentStart: *21
        DynamicField_IRPLocation: *22
        DynamicField_IRPPreventionAction: *23
        DynamicField_IRPRootCause: *24
        DynamicField_IRPScope: *25
        DynamicField_IRPIncidentLevel: *26
        DynamicField_IRPPotentialImpact: *27
        State: *28
      Interface:
      - AgentInterface
      Permission: ''
      ProcessEntityID: ''
      RequiredLock: ''
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
      SubmitAdviceText: ''
      SubmitButtonText: ''
    CreateTime: 2023-07-19 10:39:46
    EntityID: ActivityDialog-ee4e52cc45e6d3e7db92fdfa3f3a4d13
    ID: 6
    Name: Review Record
Process:
  Activities:
  - Activity-5d4d5471b8dafb2edaaa5d7cd27b548d
  - Activity-6d8c9b43dfd087a5ec6da3603d0a1bef
  - Activity-79bfb0d70bcc441b2224bd46ada0f48d
  - Activity-8ac04b084fb87737a437773e9b138de7
  ChangeTime: 2023-07-19 14:52:16
  Config:
    Description: Incident Response Process for Employees
    Path:
      Activity-5d4d5471b8dafb2edaaa5d7cd27b548d:
        Transition-231b20608d62881b67985d60a7ad329d:
          ActivityEntityID: Activity-6d8c9b43dfd087a5ec6da3603d0a1bef
          TransitionAction: []
      Activity-6d8c9b43dfd087a5ec6da3603d0a1bef:
        Transition-2666fb5484e4f38015b90e20110c9d8b:
          ActivityEntityID: Activity-8ac04b084fb87737a437773e9b138de7
          TransitionAction: []
      Activity-79bfb0d70bcc441b2224bd46ada0f48d:
        Transition-f819f831163e6bd8596d75cf14a19f21:
          ActivityEntityID: Activity-5d4d5471b8dafb2edaaa5d7cd27b548d
      Activity-8ac04b084fb87737a437773e9b138de7: {}
    StartActivity: Activity-79bfb0d70bcc441b2224bd46ada0f48d
    StartActivityDialog: ActivityDialog-73ad0e0bcf7ccde99e6617a1ecaf21a9
  CreateTime: 2023-07-17 14:01:07
  EntityID: Process-1c405b22d2d8d3e87246eb5c71478839
  ID: 2
  Layout:
    Activity-5d4d5471b8dafb2edaaa5d7cd27b548d:
      left: '465'
      top: '226'
    Activity-6d8c9b43dfd087a5ec6da3603d0a1bef:
      left: '715'
      top: '120'
    Activity-79bfb0d70bcc441b2224bd46ada0f48d:
      left: '204.888885498047'
      top: '79.3437194824219'
    Activity-8ac04b084fb87737a437773e9b138de7:
      left: '1015'
      top: '212'
  Name: Incident Response
  State: Active
  StateEntityID: S1
  TransitionActions: []
  Transitions:
  - Transition-231b20608d62881b67985d60a7ad329d
  - Transition-2666fb5484e4f38015b90e20110c9d8b
  - Transition-f819f831163e6bd8596d75cf14a19f21
Transitions:
  Transition-231b20608d62881b67985d60a7ad329d:
    ChangeTime: 2023-07-19 10:41:24
    Config:
      Condition:
        '1':
          Fields:
            State:
              Match: pending reminder
              Type: String
          Type: and
      ConditionLinking: and
      Scope: Process
      ScopeEntityID: Process-1c405b22d2d8d3e87246eb5c71478839
    CreateTime: 2023-07-19 10:41:24
    EntityID: Transition-231b20608d62881b67985d60a7ad329d
    ID: 6
    Name: Ready for Review
  Transition-2666fb5484e4f38015b90e20110c9d8b:
    ChangeTime: 2023-07-19 14:54:00
    Config:
      Condition:
        '1':
          Fields:
            State:
              Match: closed successful
              Type: String
          Type: and
      ConditionLinking: and
      Scope: Global
    CreateTime: 2023-07-19 10:43:11
    EntityID: Transition-2666fb5484e4f38015b90e20110c9d8b
    ID: 7
    Name: Record closed
  Transition-f819f831163e6bd8596d75cf14a19f21:
    ChangeTime: 2023-07-17 14:06:57
    Config:
      Condition:
        '1':
          Fields:
            State:
              Match: .+
              Type: Regexp
          Type: and
      ConditionLinking: and
      Scope: Global
    CreateTime: 2023-07-17 14:06:57
    EntityID: Transition-f819f831163e6bd8596d75cf14a19f21
    ID: 5
    Name: Data collected