Incident management

From xDR to case management

RedCarbon AI Expert Analyst includes an Incident Management Platform. When an xDR system raises a warning about a detected incident on its console, the management process in a SOC or corporate security team is only just beginning.

The RedCarbon Platform introduces a specific flow methodology.

This permits very effective management of an incident and its elevation to a Case.
A single alert extracted from an xDR feed or log system is initially just an event. In RedCarbon’s vision and philosophy, it becomes a Case only after the Virtual Analyst has ingested it and started its cyber analysis job, producing a report with all its collateral: Notes, Observables and IOCs.
Based on the user’s login, the platform knows the user’s permissions and which customer is assigned to them, to a specific reseller, or to a System Integrator.

Assignment of a Case

Based on their granted permissions, each user has specific rights to manage a Case. The Incident Management console lets users assign a particular Case to themselves.

Closing or escalation of a Case

Once assigned, a Case can be closed if the Virtual Assistant’s analysis is considered adequate. Where the Virtual Assistant finds a doubtful situation, or the human operator has doubts too, the Case can be escalated to a higher tier of intervention by a more expert operator.

Searching Cases for details

Cases shown in the console can be searched by status and classification, making it easier for operators to focus on the most important ones.

Volume management

In some customer situations (e.g. a legitimate weekly scan or a large-scale attack), operators may be overwhelmed by a massive volume of warnings. In this case, the platform permits grouping the warnings that refer to the same event into a single Case, again reducing the human workload.

Manual insertion

The platform also permits inserting a Case manually into the flow management; an exceptional situation detected from a source external to the xDR data feed can also be inserted and managed in the same customer context.

Case categorisation management

Each Case receives a specific classification from the Virtual Analyst. Humans can always change this classification manually to take control in doubtful situations.

AI and human management console

A settings console permits assigning management to the AI or to humans according to incident typology. This helps the Security Team manager or SOC manager refine the flow design according to the uniqueness of each customer and any requested SLA.
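The whole flow described above (an alert is only an event until it has been analysed, Cases carry a classification a human may override, assignment is gated by the login’s customer scope and tier, a Case is closed or escalated, alerts for the same event are grouped into one Case, manual insertion from a non-xDR source, and a per-typology table deciding whether the AI or a human owns the Case) can be modelled as a small state machine. The following is an added example, not RedCarbon’s code or API: the `Alert`, `User`, `Case` and `CaseManager` names, the `ROUTING` table, the observable regex and the stand-in `virtual_analyst` heuristic are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Routing table: incident typology -> initial owner ("ai" or "human"). Assumed values.
ROUTING = {"scan": "ai", "malware": "human", "phishing": "human"}

# Observable extractor for the stand-in analyst: IPv4 addresses and SHA-256 hashes.
IOC_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b|\b[0-9a-f]{64}\b")


@dataclass
class Alert:
    customer: str
    source: str     # "xdr" feed or "manual" insertion
    typology: str
    key: str        # alerts sharing a key describe the same underlying event
    detail: str


@dataclass
class User:
    name: str
    tier: int       # 1 = first line, 2 = expert
    customers: set  # customers this login is allowed to work on


@dataclass
class Case:
    case_id: int
    customer: str
    typology: str
    key: str
    classification: str
    observables: list
    owner: str                    # "ai" or "human"
    tier: int = 1                 # minimum operator tier needed to take it
    assignee: Optional[str] = None
    status: str = "open"          # open -> assigned -> closed | escalated -> assigned ...
    alerts: list = field(default_factory=list)
    notes: list = field(default_factory=list)


def virtual_analyst(alert: Alert) -> dict:
    """Stand-in analysis job (constructed heuristic): extract observables, classify."""
    observables = sorted(set(IOC_RE.findall(alert.detail)))
    return {"classification": "suspicious" if observables else "informational",
            "observables": observables}


class CaseManager:
    def __init__(self):
        self.cases = {}

    def ingest(self, alert: Alert) -> Case:
        # Volume management: an alert for an event that already has a non-closed
        # Case (same customer and key) is attached to it instead of opening a new one.
        for case in self.cases.values():
            if (case.customer, case.key) == (alert.customer, alert.key) and case.status != "closed":
                case.alerts.append(alert)
                return case
        report = virtual_analyst(alert)  # the event becomes a Case only once analysed
        case = Case(len(self.cases) + 1, alert.customer, alert.typology, alert.key,
                    report["classification"], report["observables"],
                    ROUTING.get(alert.typology, "human"), alerts=[alert])
        self.cases[case.case_id] = case
        return case

    def _authorize(self, case: Case, user: User) -> None:
        # Login-derived permissions: customer scope and minimum tier.
        if case.customer not in user.customers:
            raise PermissionError(f"{user.name} is not assigned to customer {case.customer}")
        if user.tier < case.tier:
            raise PermissionError(f"case {case.case_id} requires tier {case.tier}")

    def assign(self, case_id: int, user: User) -> Case:
        case = self.cases[case_id]
        self._authorize(case, user)
        if case.status not in ("open", "escalated"):
            raise ValueError(f"case {case_id} is already {case.status}")
        case.assignee, case.status, case.owner = user.name, "assigned", "human"
        return case

    def _owned(self, case_id: int, user: User) -> Case:
        case = self.cases[case_id]
        if case.assignee != user.name:
            raise PermissionError(f"case {case_id} is not assigned to {user.name}")
        return case

    def close(self, case_id: int, user: User) -> None:
        self._owned(case_id, user).status = "closed"

    def escalate(self, case_id: int, user: User, reason: str) -> None:
        # Hand the Case to the next tier; a qualified operator must re-assign it.
        case = self._owned(case_id, user)
        case.notes.append(f"escalated by {user.name}: {reason}")
        case.tier, case.assignee, case.status = case.tier + 1, None, "escalated"

    def reclassify(self, case_id: int, user: User, new: str) -> None:
        # Human override of the analyst's classification, recorded as a note.
        case = self._owned(case_id, user)
        case.notes.append(f"{user.name} reclassified {case.classification} -> {new}")
        case.classification = new

    def search(self, status: Optional[str] = None, classification: Optional[str] = None) -> list:
        return [c for c in self.cases.values()
                if (status is None or c.status == status)
                and (classification is None or c.classification == classification)]
```

The dedup key is the design point worth attention: it decides which alerts collapse into one Case, so it should be derived from stable attributes of the event (source, rule, target) rather than from free text, otherwise a noisy scanner still opens one Case per alert.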