Processes

STORM comes with built-in processes for event triage, incident handling and task handling. All processes are invalid by default and have to be activated by an administrator. Each process has dependencies, such as ACLs, dynamic fields, queues, ticket notifications and ticket types, which have to be activated before the process itself is activated.

This chapter explains how to make the processes work.

Setup

The processes can be activated in the Process Management screen of the administrator interface. All processes are inactive by default.

To activate the Event Triage process:

  1. Go to the Queues screen of the administrator interface.

  2. Set the Incidents queue to valid.

  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    EventClassification
    IncidentTicket
    ProcessHelper
    
  5. Go to the Access Control Lists (ACL) screen of the administrator interface.

  6. Set the following ACLs to valid.

    Event 001 - Forbid Actions
    Event 001 - Forbid ActionsLimit DF Event Classification
    
  7. Deploy all ACLs.

  8. Go to the Process Management screen of the administrator interface.

  9. Set the Event Triage process to valid.

  10. Deploy all processes.

To activate the Incident Handling process:

  1. Go to the Types screen of the administrator interface.

  2. Set the following types to valid.

    Event
    Incident
    Task
    
  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    AnalysisResult
    EnisaSecurityIncidentClassification
    ISO
    KRITISSituationAssessment
    KRITISTaxonomy
    LessonsLearned
    ProcessHelper
    RemediationAdvice
    SendAdvice
    TaskBody
    TaskName
    TaskRecipient
    TaskResult
    TaskSubject
    TechContact
    TLP
    
  5. Go to the Ticket Notifications screen of the administrator interface.

  6. Set the following ticket notifications to valid.

    Incident: Send Mitigation & Remediation Advice - TLP Amber
    Incident: Send Mitigation & Remediation Advice - TLP Green
    Incident: Send Mitigation & Remediation Advice - TLP Red
    Incident: Send Mitigation & Remediation Advice - TLP White
    
  7. Go to the Access Control Lists (ACL) screen of the administrator interface.

  8. Set the following ACLs to valid.

    Incident 001 - Hide Actions and Dialogues
    Incident 002a - Show Next Button in Analysis phase step 1
    Incident 002b - Show Next Button in Analysis phase step 2
    Incident 003a - Show Next Button in Mitigation phase step 1
    Incident 003b - Show Next Button in Mitigation phase step 2
    Incident 004 - Show close button
    Incident 005 - Hide Kritis Taxonomy
    Incident 005 - Show Kritis Taxonomy
    
  9. Deploy all ACLs.

  10. Go to the Process Management screen of the administrator interface.

  11. Set the Incident Handling process to valid.

  12. Deploy all processes.

To activate the Task Handling process:

  1. Go to the Types screen of the administrator interface.

  2. Set the following types to valid.

    Incident
    
  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    TaskName
    TaskResult
    
  5. Go to the Access Control Lists (ACL) screen of the administrator interface.

  6. Set the following ACLs to valid.

    Task 001 - Hide Actions
    
  7. Deploy all ACLs.

  8. Go to the Process Management screen of the administrator interface.

  9. Set the Task Handling process to valid.

  10. Deploy all processes.

Console Command

There is a console command to list, enable and disable the process groups. Execute the command with the --help option for detailed instructions about how it works.

$ bin/otrs.Console.pl Maint::STORM::ProcessGroups::Toggle --help

Enable/Disable a process group and its dependencies

Usage:
 otrs.Console.pl Maint::STORM::ProcessGroups::Toggle [--name ...] [--list] [--enable] [--disable]

Options:
 [--name ...]                   - Name of the process group (all if omitted).
 [--list]                       - List all process groups.
 [--enable]                     - Enable the process group.
 [--disable]                    - Disable the process group.
 [--help]                       - Display help for this command.
 [--no-ansi]                    - Do not perform ANSI terminal output coloring.
 [--quiet]                      - Suppress informative output, only retain error messages.
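
A guarded wrapper around the command above, as an added example that is not part of STORM or its documentation. Because omitting --name acts on all process groups, it refuses to run without an explicit group name and records the --list output before and after the change. OTRS_HOME, its /opt/otrs default, AUDIT_LOG, the function names and the wrapper's own --all argument are assumptions.

```shell
#!/bin/sh
# Added example; not part of STORM. OTRS_HOME, AUDIT_LOG and the function
# names are assumptions. Only flags shown in the --help output are passed.
OTRS_HOME="${OTRS_HOME:-/opt/otrs}"   # assumed installation path
AUDIT_LOG="${AUDIT_LOG:-./storm-process-groups.log}"

storm_console() {
    "$OTRS_HOME/bin/otrs.Console.pl" Maint::STORM::ProcessGroups::Toggle --no-ansi "$@"
}

# Usage: storm_toggle_group <enable|disable> <group name|--all>
# "--all" is an argument of this wrapper, not of the console command.
storm_toggle_group() {
    action="$1"; group="$2"
    case "$action" in
        enable|disable) ;;
        *) echo "action must be 'enable' or 'disable'" >&2; return 2 ;;
    esac
    # The console command acts on every group when --name is omitted,
    # so an empty name is rejected instead of silently meaning "all".
    if [ -z "$group" ]; then
        echo "no group name given; pass --all to toggle every group" >&2
        return 2
    fi
    who=$(id -un 2>/dev/null || echo unknown)
    {
        echo "== $(date -u +%Y-%m-%dT%H:%M:%SZ) $action '$group' by $who"
        echo "-- state before"
        storm_console --list || true
    } >>"$AUDIT_LOG" 2>&1
    rc=0
    if [ "$group" = "--all" ]; then
        storm_console "--$action" >>"$AUDIT_LOG" 2>&1 || rc=$?
    else
        storm_console --name "$group" "--$action" >>"$AUDIT_LOG" 2>&1 || rc=$?
    fi
    {
        echo "-- state after (exit status $rc)"
        storm_console --list || true
    } >>"$AUDIT_LOG" 2>&1
    return "$rc"
}
```

Source the file and call storm_toggle_group with enable or disable and a group name as reported by --list; the function returns the exit status of the toggle command.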

Usage

We developed the processes based on best practices. We also know that every customer has a different workflow, so the processes might have to be customized before they are deployed and used in production. Please consult with our experts before activating a process.

The general usage of processes is explained in the Administrator Manual. For detailed usage of the processes above, ask the Customer Solutions Team.
