To effectively manage intrusion threats, you need to design an incident automation workflow that automatically resolves false alarms and adapts to the dynamic user procedure to handle valid threats.
Automation workflow design considerations for Intrusion alert incidents
- Detection and automatic resolution of false alarms.
- Investigation of valid intrusion threats.
- Escalation of threat priority when needed.
In this example, the Intrusion alert incident is configured with automatic triggers. When there is a breach in any of your configured intrusion zones, the system triggers the Intrusion alert incident. The workflow then performs the following steps:
- Validate the threat by displaying the video feed at the incident location and allowing the operator to respond to the user procedure.
- Based on the operator's response, change the incident state and raise the threat level by using the Set threat level activity.
- Offer operators options to dispatch the incident to the required security personnel, such as local law enforcement or on-site security teams, based on the threat level.
- Perform incident resolution activities that include removing the threat level notice, exporting the incident details, changing the incident state, and closing the incident.
If the triggers are intrusion events from the system and do not include cameras, you must select the exact camera entity to display.
Automation workflow for Intrusion alert incidents
In this example, there are nested parallel tasks to perform multiple checks at each stage of incident resolution. The Parallel tasks activity is used to configure multiple activity paths.
The first set of parallel tasks serves as a logical IF, validating the threat.
If the threat is valid, the system sets the threat level as configured and performs another check to see whether it is a minor threat or a major threat.
Based on the operator's response to the user procedures, you can design the incident automation workflow to automate many tasks, such as changing the incident state, dispatching the incident to relevant personnel, changing the incident priority based on threat severity, and updating the incident listing to reflect the incident state in real time.
Automating post resolution activities for Intrusion alert incidents
- Deactivate the threat level notice.
- Export the incident details to a specified location.
- Resolve and close the incident.
The operator's screen for Intrusion alert incidents
Every action that the system takes or that the operator performs is captured in the operator’s Security Desk.
As soon as the incident is triggered, the Monitoring task opens a video feed of the incident location, as designed in the automation workflow. The operator can then go through the preconfigured dynamic incident procedure. Any comments entered are logged in the activity report, as can be seen in the screenshot of the operator's Security Desk.
If the operator confirms that the threat requires multiple teams, the incident automation workflow will reflect that by changing the incident state and highlighting it.
Apart from exporting incident details for review, you can also generate a report after incident resolution using the Incident report task in Genetec Mission Control™.