Processes

STORM comes with built-in processes for event triage, incident handling and task handling. All processes are invalid by default and have to be activated by an administrator first. Each process has dependencies, such as ACLs, dynamic fields, queues, ticket notifications and ticket types, which have to be activated before the process itself is activated.

This chapter explains how to make the processes work.

Setup

The processes can be activated in the Process Management screen of the administrator interface. All processes are inactive by default.

To activate the Event Triage process:

  1. Go to the Queues screen of the administrator interface.

  2. Set the Incidents queue to valid.

  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    • EventClassification

    • IncidentTicket

    • ProcessHelper

  5. Go to the Access Control Lists (ACL) screen of the administrator interface.

  6. Set the following ACLs to valid.

    • Event 001 - Forbid Actions

    • Event 001 - Forbid ActionsLimit DF Event Classification

  7. Deploy all ACLs.

  8. Go to the Process Management screen of the administrator interface.

  9. Set the Event Triage process to valid.

  10. Deploy all processes.

To activate the Incident Handling process:

  1. Go to the Types screen of the administrator interface.

  2. Set the following types to valid.

    • Event

    • Incident

    • Task

  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    • AnalysisResult

    • EnisaSecurityIncidentClassification

    • ISO

    • KRITISSituationAssessment

    • KRITISTaxonomy

    • LessonsLearned

    • ProcessHelper

    • RemediationAdvice

    • SendAdvice

    • TaskBody

    • TaskName

    • TaskRecipient

    • TaskResult

    • TaskSubject

    • TechContact

    • TLP

  5. Go to the Ticket Notifications screen of the administrator interface.

  6. Set the following ticket notifications to valid.

    • Incident: Send Mitigation & Remediation Advice - TLP Amber

    • Incident: Send Mitigation & Remediation Advice - TLP Green

    • Incident: Send Mitigation & Remediation Advice - TLP Red

    • Incident: Send Mitigation & Remediation Advice - TLP White

  7. Go to the Access Control Lists (ACL) screen of the administrator interface.

  8. Set the following ACLs to valid.

    • Incident 001 - Hide Actions and Dialogues

    • Incident 002a - Show Next Button in Analysis phase step 1

    • Incident 002b - Show Next Button in Analysis phase step 2

    • Incident 003a - Show Next Button in Mitigation phase step 1

    • Incident 003b - Show Next Button in Mitigation phase step 2

    • Incident 004 - Show close button

    • Incident 005 - Hide Kritis Taxonomy

    • Incident 005 - Show Kritis Taxonomy

  9. Deploy all ACLs.

  10. Go to the Process Management screen of the administrator interface.

  11. Set the Incident Handling process to valid.

  12. Deploy all processes.

To activate the Task Handling process:

  1. Go to the Types screen of the administrator interface.

  2. Set the following types to valid.

    • Incident

  3. Go to the Dynamic Fields screen of the administrator interface.

  4. Set the following dynamic fields to valid.

    • TaskName

    • TaskResult

  5. Go to the Access Control Lists (ACL) screen of the administrator interface.

  6. Set the following ACLs to valid.

    • Task 001 - Hide Actions

  7. Deploy all ACLs.

  8. Go to the Process Management screen of the administrator interface.

  9. Set the Task Handling process to valid.

  10. Deploy all processes.

Console Command

There is a console command to list, enable and disable the process groups. Execute the command with the --help option for detailed instructions about how it works.

$ bin/otrs.Console.pl Maint::STORM::ProcessGroups::Toggle --help

Enable/Disable a process group and its dependencies

Usage:
 otrs.Console.pl Maint::STORM::ProcessGroups::Toggle [--name ...] [--list] [--enable] [--disable]

Options:
 [--name ...]                   - Name of the process group (all if omitted).
 [--list]                       - List all process groups.
 [--enable]                     - Enable the process group.
 [--disable]                    - Disable the process group.
 [--help]                       - Display help for this command.
 [--no-ansi]                    - Do not perform ANSI terminal output coloring.
 [--quiet]                      - Suppress informative output, only retain error messages.
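
The following wrapper is an added example, not part of STORM or of the original documentation. It uses only the options shown in the help output above and refuses to enable or disable every group at once unless that is requested explicitly. The `OTRS_HOME` default, the `STORM_DRY_RUN` switch, the `ALL` keyword and the function name `storm_toggle` are assumptions of this example.

```shell
#!/bin/sh
# Added example: guarded wrapper around Maint::STORM::ProcessGroups::Toggle.
# OTRS_HOME (assumed install path) and STORM_DRY_RUN are assumptions.
OTRS_HOME="${OTRS_HOME:-/opt/otrs}"

# storm_toggle ACTION [NAME]
#   ACTION: list | enable | disable
#   NAME:   process group name, or the literal ALL to omit --name
#           (the command applies to all groups when --name is omitted)
storm_toggle() {
    action="$1"
    name="${2:-}"
    case "$action" in
        list)
            set -- --list ;;
        enable|disable)
            if [ -z "$name" ]; then
                # A missing name would silently affect every process group.
                echo "storm_toggle: no group name given (pass ALL to confirm)" >&2
                return 2
            fi
            if [ "$name" = "ALL" ]; then
                set -- "--$action"
            else
                set -- --name "$name" "--$action"
            fi ;;
        *)
            echo "usage: storm_toggle list|enable|disable [NAME|ALL]" >&2
            return 2 ;;
    esac
    if [ -n "${STORM_DRY_RUN:-}" ]; then
        # Dry run: print the command that would be executed, arguments quoted.
        printf '%s' "bin/otrs.Console.pl Maint::STORM::ProcessGroups::Toggle"
        for arg in "$@"; do printf " '%s'" "$arg"; done
        printf '\n'
        return 0
    fi
    ( cd "$OTRS_HOME" && bin/otrs.Console.pl Maint::STORM::ProcessGroups::Toggle "$@" )
}
```

Run `storm_toggle list` first and pass one of the listed names to `storm_toggle enable`; set `STORM_DRY_RUN=1` to review the resulting command before it touches the system.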

Usage

We developed the processes based on best practices. We also know that every customer has a different workflow, so the processes might have to be customized before they are deployed and used in production. Please consult with our experts before activating a process.

The general usage of processes is explained in the Administrator Manual. For detailed usage of the processes above, ask the Customer Solutions Team.
