Example: Investigation by more than one administrator

This scenario shows an example of incident investigation by multiple administrators.

  1. An administrator creates an Incident Case element.
  2. The administrator delegates work to other administrators.
  3. Each administrator collects data and players, and attaches them to the incident case.
  4. An administrator reacts to contain the incident, for example, by stopping an engine or changing a Firewall policy.
  5. An administrator might try to eradicate the problem, for example, by installing software patches or updating anti-malware programs.
    • The administrator can write a new comment in the incident journal to inform the other administrators about what has been done.
  6. When the problem is resolved, the administrator closes the incident case.