Export Incident Details From CFTR to Expedite Security Collaboration


CFTR Aug 27, 2020

Incident response (IR) is a collaborative effort across different security functions within an organization. The Cyware Fusion and Threat Response (CFTR) platform version 2.4 facilitates this process by providing a comprehensive feature to select a set of incident fields and attributes, and export them in a report format which can be easily shared across teams.

How does this feature work?

  • CFTR Admins can go to the “Template Management” module and create custom templates by selecting incident attributes such as stages of the incident response cycle, and incident response attributes such as actions, enhancements, etc.

  • Admins can create export templates with custom logos and make them available to users.

  • Users can define the Traffic Light Protocol (TLP) for exported data.

  • Users can also view and export incident details, subject to their access level permissions, in PDF format using available export templates.

How does it benefit security teams?

  • Security teams need to cross-collaborate with IT teams, network administrators, developers, and senior management while coordinating responses for different incidents.
  • The capability to export incident details in a human-readable format enables quick consumption of incident information by various stakeholders and makes it easy to communicate relevant information on critical threats.
  • Based on the roles and responsibilities of different stakeholders, users can share the appropriate information to help those stakeholders make quick decisions and take action at different stages of the incident response cycle.
  • Exporting incident details can also help in the learning phase, cost assessment, and further improvement of existing IR processes over time by contributing to the organization’s shared knowledge base.
  • Furthermore, Managed Security Service Providers (MSSPs) can use the custom templates to provide detailed incident reports for their different clients and prepare regulatory compliance incident reports.

The bottom line

Security operations is anything but a siloed process. Keeping this in mind, this feature has been designed to promote collaboration, enable effective communications across all incident response stakeholders, and improve IR processes continually.
