Strata Cloud Manager uses a set of default settings and your custom settings to
evaluate configurations and settings within your cloud infrastructure. It identifies
deviations from best practices or compliance requirements. The security posture settings
in Strata Cloud Manager cover various domains, including Security Best Practice &
Compliance, Network Best Practice & Compliance, and Infrastructure
Best Practice & Compliance.
When Strata Cloud Manager detects deviations, it provides actionable insights
and remediation recommendations. It can even automate parts of the correction process to
help you maintain a secure and compliant cloud environment with minimal manual
intervention.
To view, manage, and customize incident settings, go to Incidents >
Incidents > Settings.
Here is the workflow for an incident setting:
1. An event or anomaly is detected.
2. Strata Cloud Manager generates an Incident Code.
3. The incident matches the relevant Incident Settings.
4. The system determines the action: raise or suppress.
5. A notification is sent out based on the Notification profiles attached to the Incident Settings.
Here are the key features:
Control Incident Visibility
Customize your incident view by adjusting default settings and creating custom
ones. You can view all default incidents across each product domain, categorized by type
and severity, along with their raise and clear conditions. This allows you to suppress
irrelevant incidents, modify notification settings, or create custom checks, ensuring
you only focus on incidents that matter to your deployment.
Customize Incident Settings
From the Incident Settings interface, you can customize various aspects of
incidents, including which categories, subcategories, or specific incident codes to
monitor.
You can also:
- Modify raise and clear conditions for individual incident codes.
- Specify which objects to monitor.
- Set priority levels from P1 through P5.
- Configure actions such as:
  - Suppressing incidents permanently or temporarily during maintenance windows.
  - Configuring notifications via email, webhooks, or ITSM integrations.
Create Custom Checks
Create custom checks on one or more objects using supported metrics with
specific raise and clear conditions, and attach notification profiles as needed.
Troubleshoot and Audit
The interface provides comprehensive search capabilities across all detections
by category, subcategory, product, code, object, or notification profile. This helps you
troubleshoot incident generation and notification behavior.
All configuration changes are audited, providing visibility into who made the
changes and when. If needed, you can reset to factory defaults for all detections or for
specific categories, subcategories, product domains, or individual detection codes.
Settings summary view:
Here’s the summarized view of all settings:
- Settings Count Summary: Displays the total number of default and custom settings, with a breakdown of raised and suppressed settings.
- Hit Count Tracking: Monitors the frequency of incident triggers to facilitate fine-tuning of detection rules.
- Custom and Default Settings List: Provides a comprehensive list of all incident settings.