Automation workflow design for Intrusion alert incidents - Genetec Mission Control™ 2.13.4.0

Genetec Mission Control™ Administrator Guide 2.13.4.0

Revised: 2020-10-27

To effectively manage intrusion threats, you need to design an incident automation workflow that automatically resolves false alarms and adapts to the dynamic user procedure to handle valid threats.

Automation workflow design considerations for Intrusion alert incidents

To manage intrusion threats, your incident automation workflow configuration must include procedures to handle the following:
  • Detection and automatic resolution of false alarms.
  • Investigation of valid intrusion threats.
  • Escalation of threat priority when needed.

In this example, the Intrusion alert incident is configured with automatic triggers. When there is a breach in any of your configured intrusion zones, the system triggers the Intrusion alert incident.

To respond to the threat, your incident automation workflow configuration should include the following steps of action:
  1. Validate the threat by displaying the video feed at the incident location and allowing the operator to respond to the user procedure.
  2. Based on the operator's response, change the incident state and raise the threat by using the Set threat level activity.
  3. Offer options for operators to dispatch the incident to required security personnel such as local law enforcement, on-site security teams, and so on based on threat level.
  4. Perform incident resolution activities that include removing the threat level notice, exporting the incident details, changing the incident state, and closing the incident.
NOTE: The current configuration, Display entity: Incident location live, shows the camera at the incident location only if the incident source includes a camera. If the operator triggers the incident on the camera in the map at the incident location, or if the system trigger uses a camera entity, this configuration of the Display entity activity shows the configured camera.

If the triggers are intrusion events from the system and do not include cameras, you must select the exact camera entity to display.

Automation workflow for Intrusion alert incidents

In this example, there are nested parallel tasks to perform multiple checks at each stage of incident resolution. The Parallel tasks activity is used to configure multiple activity paths.

The first set of parallel tasks serves as a logical IF, validating the threat.

If the threat is valid, the system sets the threat level as configured, and performs another check to see if it is a minor threat or major threat.

You can design the incident automation workflow to automate many tasks based on the operator's response to the user procedures, such as changing the incident state, dispatching the incident to relevant personnel, changing the incident priority based on the severity of the threat, and updating the incident listing to reflect the incident state in real time.

Automating post resolution activities for Intrusion alert incidents

After the incident is resolved and the threat is contained, your automation workflow design can automate incident resolution activities:
  1. Deactivate the threat level notice.
  2. Export the incident details to a specified location.
  3. Resolve and close the incident.
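
Before building the branches in the workflow designer, it can help to model them and check that every path ends safely. The following is an added example, not Genetec configuration or API code: it models the nested Parallel tasks branching and the post-resolution steps described above, then walks every combination of operator responses. The state names, the dispatch recipient per branch, and all function names are assumptions.

```python
from itertools import product

# Activity names follow the page; state names and dispatch recipients per
# branch are assumptions made for this model.
def run_workflow(threat_valid, major):
    """Return the ordered activity trace for one Intrusion alert incident."""
    trace = ["Display entity: Incident location live"]
    if threat_valid:                  # first Parallel tasks set: logical IF
        trace += ["Change state: In progress", "Set threat level: on"]
        if major:                     # nested check: minor or major threat
            trace += ["Change state: Escalated",
                      "Dispatch: local law enforcement"]
        trace.append("Dispatch: on-site security team")
    else:                             # false alarm: resolve automatically
        trace.append("Comment: false alarm")
    # Post-resolution activities, in the order the page lists them.
    if "Set threat level: on" in trace:
        trace.append("Set threat level: off")
    trace += ["Export incident", "Change state: Resolved",
              "Change state: Closed"]
    return trace

def check_invariants(trace):
    """Return the design problems found in one trace (empty list if none)."""
    problems = []
    raised = "Set threat level: on" in trace
    if trace[-1] != "Change state: Closed":
        problems.append("incident not closed")
    if raised and "Set threat level: off" not in trace:
        problems.append("threat level left active")
    if "Export incident" not in trace:
        problems.append("incident details not exported")
    if not raised and any(a.startswith("Dispatch:") for a in trace):
        problems.append("dispatch on unvalidated threat")
    return problems

def audit():
    """Walk every combination of operator responses and collect problems."""
    return {(valid, major): check_invariants(run_workflow(valid, major))
            for valid, major in product([False, True], repeat=2)}

if __name__ == "__main__":
    for answers, problems in audit().items():
        print(answers, problems or "ok")
```

A path that raises the threat level but never deactivates it, or that dispatches personnel without operator validation, shows up as a non-empty problem list for that combination of responses.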

The operator's screen for Intrusion alert incidents

Every action that the system takes or that the operator performs is captured in the operator’s Security Desk.

As soon as the incident is triggered, the Monitoring task opens a video feed of the incident location, as designed in the automation workflow. The operator can then go through the preconfigured dynamic incident procedure. Any comments entered are logged in the activity report, as can be seen in the screenshot of the operator's Security Desk.

If the operator confirms that the threat requires multiple teams, the incident automation workflow will reflect that by changing the incident state and highlighting it.

Apart from exporting incident details for review, you can also generate a report after incident resolution using the Incident report task in Genetec Mission Control™.