Safety production cases, examples of safety

In 2006, 12 boys and 10 girls were playing by the river in a primary school, with 10 boys downstream and girls upstream. In the end, after all-out rescue, 2 people were rescued, and 8 people unfortunately drowned. Example 2:

7 girls from a primary school came to the river to play, 6 people went into the water, 5 people unfortunately drowned, a girl on the bank of the river urgently called for help, it happened that middle school student Yang Bin passed here, heard the call for help and jumped into the river to save people, and finally failed to die due to physical exhaustion, and lost his precious life.

1. Safety case management.

Security case management provides a way for security analysts engaged in threat hunting to gather information about suspicious activity in their environment. Records related to the case, such as security incidents, observables, CIS, and affected users, can be added to the case for broad and specific analysis.

Analytic trail-sensitive personnel can easily analyze records and relevant information to assess whether they are exposed to targeted activities, advanced persistent threats, and more.

Security cases can be created on your instance from a variety of sources, including security case management, security incident response, and threat intelligence. You can also create use cases from the configuration items [cmdb-ci] and users [sys-user] tables and the affected users, respectively. After a case is created, each of these resources can be used to add valuable analytics resources to an existing case.

Each security case consists of three main sections, a title section, a section with additional case details, and a case artifact section with a collection of records that help build parameters to identify and act on specific threats.

2. Case Title.

The header part of the case.

The case header provides basic information for identifying and classifying security cases. The case number uses the SCA prefix.

3. Details of the attached case.

Additional Case Details Unit.

The additional case details section provides information specific to the analysis that has been performed on the case, including its current status, as well as work notes and activities that have been recorded for the case.

Fourth, the case artifact.

Case artifact section.

The Case Artifacts section provides a series of tabs for information that are included in the security case.

You can perform a search within the content of each tab. You can also exclude specific records that have been assessed as safe or that are not valuable in your investigation. Excluded records are not deleted, but are hidden from view.

If you want, you can review the excluded records and add them back.

In each tab, you can click the Additional Details (Additional Details) icon to display information about the selected record. For example, if you click the Configuration Items tab to view the Configuration Items Explorer, and click Additional Details for a specific CI, you can view the events, vulnerabilities, and comments related to that CI.

5. Case artifacts-related details.

You can also select a record and click the annotate button for the artifact related to the case to add the annotation to the record. Annotations are simply annotations that each analyst can make on a particular artifact.