You can set up intrusion detection zones for secure areas to alert selected recipients when there is a breach. You can configure incidents to manage the threat and put procedures in place for ground staff to take definitive action.
Considerations for Intrusion alert incident configuration
Intrusion alert incidents are not planned. However, the incidents triggered need to be assessed to validate the threat. The trigger can be a false positive and the incident needs to be managed accordingly.
- Identity
- Define the incident. Select an icon and color scheme that is unique and reflects the nature of the incident.
Your operators can see all the incidents assigned to them in the incident list in the Incident monitoring task in Security Desk. Having dedicated icons and color schemes gives them an instant snapshot of the state of their zones or areas.
- Properties
- Typically, the incident needs to be triggered when the system detects a breach in the designated intrusion zones. However, if the operators detect a breach they must be able to trigger the incident on the map in Security Desk.
You can configure this by selecting Allow manual trigger in the page.
- Recipients
- Intrusion threats must be monitored round the clock.
In the Recipients tab of the Incident configuration task, select Advanced recipient configuration. This selection ensures that the incident is dispatched to backup recipients when the intended recipients are not logged on.
- Triggers
- You can leverage the system triggers to automatically alert your operators to an intrusion threat. You can search for and use a combination of the predefined intrusion detection alarms in the system on the Triggers page in the Incident configuration task.
Incident triggers can be system events, such as Intrusion detection alarm activated, with conditions of selected zones.
- User procedure
- This incident needs a dynamic user procedure so the system and procedure can adapt to operator responses.
- Automation
- In this scenario, the system must automatically resolve the incident if it is a false positive and perform a series of steps for incident resolution if it is a valid threat. You can do this using a dynamic SOP.
- Threat levels
- For Intrusion alert incidents, you can set up system-wide or location-based threat levels.
- States
- In this example, there is a custom state configured that alerts the operators to an intrusion in the secure zone.
Incident states for Intrusion alert incidents
- New
- In progress
- On hold
- Resolved
- Closed
This scenario uses a custom state called Intrusion detected that is used to direct the system to perform a series of activities.
Threat levels for Intrusion alert incidents
Using threat levels, you can automate a series of actions for the system to perform when a threat is detected, and another set of actions when the threat is nullified. You can configure threat levels in Config Tool by opening the System task and going to .
User procedure for Intrusion alert incidents
Handling intrusion threats requires flexible user procedures. Some threats can be false alarms and others can be major incidents needing law enforcement. The user procedure should offer guidelines to the operators based on the type of intrusion threat.
Using Mission Control, you can configure a single intrusion threat incident with an automation workflow and a dynamic user procedure addressing multiple scenarios to guide your operators through the incident resolution process.
While you can add contact lists, incident management guidelines, and so on from the Document management page of the Incident configuration task in Config Tool, you can also use the dynamic user procedure to give your operators details of people to call:
You can also select the Force comment option for procedure steps to ensure that operators cannot move to the next step without entering comments for the step.
You can include text in the procedure step that indicates the precise details you require for that step. These operator comments are logged in the incident activity report and can be used for forensic analysis of the incident if required.