Example: Investigation by more than one administrator
This scenario shows an example of incident investigation by multiple administrators.
- An administrator creates an Incident Case element.
- The administrator delegates work to other administrators.
- Each administrator collects data and players, and attaches them to the incident case.
- An administrator reacts to contain the incident, for example, by stopping an engine or changing a Firewall policy.
- An administrator might try to eradicate the problem, for example, by installing software patches or updating anti-malware programs.
- The administrator can write a new comment in the incident journal to inform the other administrators about what has been done.
- When the problem is resolved, the administrator closes the incident case.