You can optimize your incident response process by dispatching incidents to the specific security operators who are most suitable to respond to the incident. Suitability can be based on the area an operator is responsible for, their work shift, and whether or not they are online when the incident occurs.
What you should know
On the incident Recipients page, click the
Specific dispatch option.
When the Specific option is enabled, incidents are only dispatched to the recipients you configure.You can select from two modes:
- In the simple mode, incidents are dispatched
to all configured recipients. If a user is not online when the incident is
dispatched, they receive the dispatch notification when they log on.
- In the advanced mode, you can add
suitability criteria (time and location of occurrence of the incident) to each
configured recipient. An incident is dispatched to a recipient only if it
matches the suitability criteria of the recipient. An incident is not dispatched
to a configured recipient if they are not online at the time the incident is
triggered. For this reason, you must also configure a secondary group of
recipients who can respond to an incident if none of the primary recipients are
Click Advanced to select the advanced mode (Simple mode is the
If you had recipients configured in the simple mode, they will be discarded. Click Apply to confirm.
- Under the recipient list to the left, click Add an item ().
In the dialog box that opens, enter the location (Areas) and
time (Schedules) of occurrence of the incidents, and the
Recipients (users and user groups) this type of incident is
You must specify all three parameters.
- Click OK.
- Add more recipient groups if necessary.
- Under the recipient list to the right, click Add an item ().
- In the dialog box that opens, select the users and user groups that the incident is dispatched to when no primary recipients are available, and click Add.
- Click Apply.