Intrusion alert incidents - Genetec Mission Control™ 2.13.4.0

Genetec Mission Control™ Administrator Guide 2.13.4.0

Series: Genetec Mission Control™ 2.13.4.0
Revised/modified: 2020-10-27

You can set up intrusion detection zones for secure areas to alert selected recipients when there is a breach. You can configure incidents to manage the threat and put procedures in place for ground staff to take definitive action.

Considerations for Intrusion alert incident configuration

Intrusion alert incidents are unplanned, so each triggered incident must be assessed to validate the threat. The trigger can be a false positive, and the incident must be managed accordingly.

The incident configuration must include the following:
Identity
Define the incident. Select an icon and color scheme that is unique and reflects the nature of the incident.

Your operators can see all the incidents assigned to them in the incident list in the Incident monitoring task in Security Desk. Having dedicated icons and color schemes gives them an instant snapshot of the state of their zones or areas.

Properties
Typically, the incident needs to be triggered when the system detects a breach in the designated intrusion zones. However, if the operators detect a breach, they must be able to trigger the incident on the map in Security Desk.

You can configure this by selecting Allow manual trigger in the Incident configuration > Properties page.

Recipients
Intrusion threats must be monitored round the clock.

In the Recipients tab of the Incident configuration task, select Advanced recipient configuration. This selection ensures that the incident is dispatched to backup recipients when the intended recipients are not logged on.

Triggers
You can leverage the system triggers to automatically alert your operators to an intrusion threat. You can search for and use a combination of the predefined intrusion detection alarms in the system on the Triggers page in the Incident configuration task.

Incident triggers can be system events, such as Intrusion detection alarm activated, with conditions of selected zones.

User procedure
This incident needs a dynamic user procedure so the system and procedure can adapt to operator responses.

Automation
In this scenario, the system must automatically resolve the incident if it is a false positive and perform a series of steps for incident resolution if it is a valid threat. You can do this using a dynamic SOP.

Threat levels
For Intrusion alert incidents, you can set up system-wide or location-based threat levels.

States
In this example, there is a custom state configured that alerts the operators to an intrusion in the secure zone.

Incident states for Intrusion alert incidents

By default, Incident Manager in Genetec Mission Control™ has five predefined incident states:
  • New
  • In progress
  • On hold
  • Resolved
  • Closed

This scenario uses a custom state called Intrusion detected that is used to direct the system to perform a series of activities.

You can configure custom states in the Config Tool. Head to System > Roles > Incident manager > States and add a new state called Intrusion detected.
IMPORTANT: When you add custom states, ensure that you define accepted incoming states. Otherwise, an incident that transitions to your custom state is unable to transition again to another state.
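
The dead-end condition in the IMPORTANT note can be checked on paper before the states are configured. The following Python model is an added example, not Genetec code or a Genetec API. It assumes that a transition from state A to state B is allowed only when A is listed in B's accepted incoming states, and the default transitions shown are constructed sample data.

```python
# Added illustration: models incident states as "accepted incoming" lists.
# Assumption (not from the product): A -> B is allowed only if A is listed
# in B's accepted incoming states. All transition data below is constructed.

def allowed_transitions(accepted_incoming):
    """Return the set of (source, target) pairs the configuration permits."""
    return {(src, dst)
            for dst, sources in accepted_incoming.items()
            for src in sources if src != dst}

def audit_states(accepted_incoming, initial="New", terminal=("Closed",)):
    """Report states an incident can never enter or can never leave."""
    edges = allowed_transitions(accepted_incoming)
    states = set(accepted_incoming)
    reachable, frontier = {initial}, [initial]
    while frontier:                      # forward walk from the initial state
        current = frontier.pop()
        for src, dst in edges:
            if src == current and dst not in reachable:
                reachable.add(dst)
                frontier.append(dst)
    has_exit = {src for src, _ in edges}
    return {
        "unreachable": sorted(states - reachable),
        # Terminal states are expected to have no exit, so they are excluded.
        "dead_ends": sorted(states - has_exit - set(terminal)),
    }

# Constructed sample: the five predefined states with hypothetical transitions.
DEFAULTS = {
    "New": [],
    "In progress": ["New", "On hold"],
    "On hold": ["In progress"],
    "Resolved": ["In progress"],
    "Closed": ["Resolved"],
}

# Weak: the custom state can be entered, but no other state accepts it.
WEAK = {**DEFAULTS, "Intrusion detected": ["New"]}

# Corrected: two existing states also accept the custom state as incoming.
FIXED = {**WEAK,
         "In progress": DEFAULTS["In progress"] + ["Intrusion detected"],
         "Resolved": DEFAULTS["Resolved"] + ["Intrusion detected"]}

if __name__ == "__main__":
    print("weak: ", audit_states(WEAK))
    print("fixed:", audit_states(FIXED))
```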

Threat levels for Intrusion alert incidents

Using threat levels, you can automate a series of actions for the system to perform when a threat is detected, and another set of actions when the threat is nullified. You can configure threat levels in Config Tool by opening the System task and going to General settings > Threat levels.

User procedure for Intrusion alert incidents

Handling intrusion threats requires flexible user procedures. Some threats can be false alarms and others can be major incidents needing law enforcement. The user procedure should offer guidelines to the operators based on the type of intrusion threat.

Using Genetec Mission Control™, you can configure a single intrusion threat incident with an automation workflow and a dynamic user procedure addressing multiple scenarios to guide your operators through the incident resolution process.

While you can add contact lists, incident management guidelines, and so on from the Document management page of the Incident configuration task in Config Tool, you can also use the dynamic user procedure to give your operators details of people to call.

You can also select the Force comment option for procedure steps to ensure that operators cannot move to the next step without entering comments for the step.

You can include details in the procedure step to indicate the precise details you require for that step. These operator comments are logged in the incident activity report and can be used for forensic analysis of the incident if required.