Resolving Incident Tickets (PagerDuty)

Introduction:

Sprinto fetches the details of logged incident tickets from the integrated PagerDuty account and lists them on the Sprinto platform with the following details:

| Section | Details |
|---|---|
| Incident | Title of the logged ticket from the source IMS. |
| Reported on | The date the incident ticket was created. |
| Severity | Based on the logged incident ticket details, one of the following statuses is tagged to the ticket: High, Low. |
| Status | Current status of the logged ticket. A ticket can have one of the following statuses: Triggered (ticket is in open status), Resolved (ticket is in closed status). |
| Data Loss | Reflects whether there is any form of data loss from the logged incident. The status can be: Yes, No. |
| Action | Action that can be taken against the logged incident ticket. The action can be: Manage (can take action to close), View (can view the details of the logged incident ticket). |
| Checks | Status of the monitored check. The monitored check can have one of the following statuses: Failing, Passing. |

The following procedure describes how to resolve incident tickets logged through the PagerDuty platform.

Note: Sprinto tracks the incident tickets logged on the integrated PagerDuty account. You cannot resolve the incident tickets directly from the Sprinto platform.

Prerequisites:

  • Logged in on Sprinto as an administrator.

  • Configured PagerDuty account on Sprinto; refer to Configure PagerDuty for Incident Ticket Management.

Procedure:

Step 1: Navigate to Security Hub > Incident, then select the PagerDuty tab.

Step 2: Select the desired open incident ticket and click on Manage.

Step 3: Review the incident ticket details.

Step 4: Click on Go to Pagerduty to open the PagerDuty account.

Step 5: Resolve the incident ticket.

Refer to resolve an incident.

Note: If the incident involved data loss, mention the word “dataloss/data loss” in the closing note of the incident ticket on PagerDuty. Sprinto relies on this to detect data loss incidents and to manage a data loss reporting incident ticket.

Step 6: If the resolved incident ticket has the word “dataloss/data loss” mentioned in the closing notes on PagerDuty, do the following steps:

Note: If there is a data loss from the resolved incident ticket on PagerDuty, a new monitor gets tagged to the resolved incident ticket asking to report the data loss.

  1. Click on Manage next to the incident ticket under the PagerDuty tab.

    Note: The newly created ticket concerns the data loss reporting for the previously closed incident ticket and needs to be resolved from the Sprinto platform. This ticket cannot be seen on the integrated PagerDuty account.

  2. Select the following option:

    • No: If there is no data loss from the incident.

    • Yes: If there is any kind of data loss from the incident.

  3. If you selected "Yes" for data loss, choose the type of data loss from the available options.

  4. Notify the respective stakeholder about the data loss, and select the checkbox to acknowledge the data loss reporting.

    | Data loss type | Reporting stakeholder |
    |---|---|
    | Customer data received from business partner | Business partner |
    | Confidential corporate data | Senior management |
    | Personal data collected by Sprinto | Relevant authorities based on lost data type (for the EU, report under GDPR) |
    | Protected Health Information (PHI) | |
    | Cardholder data | Card issuing bank |
    | Other data | Affected party or relevant authorities |

  5. Click on upload evidence to upload the evidence for the data loss reporting.

    Note: You can attach the data loss reporting email or the reporting reference number as evidence in a supported file format.

  6. If required, enter any closing note regarding the incident.

  7. Click on Close Incident.

Result:

On successful resolution, the incident ticket status changes to Resolved.