You can provide operators with standard or dynamic incident procedures for incident resolution. Dynamic incident procedures are effective when you want to configure steps of action for multiple possible scenarios of an incident.
A standard operating procedure (SOP) or incident procedure is a series of steps that the operator must follow before changing an incident state to Resolved. Each step can range from a simple task, such as Call 911, to a complex task that requires support documents to accomplish. All actions taken by the operator are logged by the system in the incident history for audit purposes. The operator's response is not always mandatory.
In a dynamic incident procedure ( or dynamic SOP), the step sequence varies depending on the operator's responses. When configuring workflows, operator responses can be used as a checkpoint to navigate the system between different activity paths. Here is a sample dynamic SOP for an Intrusion threat alert incident:
Importing and exporting dynamic SOPs
You can reuse your dynamic SOPs by importing them from a previously exported dynamic SOP CSV file.
The Export (
) and Import (
) buttons are available at the lower right corner of the
incident Procedure page.
