Respond to the Risk Event by either closing it or creating a ticket for further
investigation. Separately, you can also tune the system by excluding assets from future analysis if
the asset is irrelevant. Responding and tuning can be done on a single Risk Event or in bulk on
multiple Risk Events.
Before you begin
DDR This content is available
through the IBM
Guardium® Data Detection and Response module.
To respond to or tune a single Risk Event, select the Risk Event on the Risk
Events page and click Respond | Tune, or click Respond
| Tune on the individual Risk Event page.
To respond to or tune multiple Risk Events, select the Risk Events on the Risk Events
page and click Respond | Tune.
Procedure
- Create a ticket.
This option is available if an external ticketing system was configured and only for a single
Risk Event.
When this option is selected, the Risk Event’s details are populated in the ticket subject and
description. You can edit these fields before you save.
The Risk Event page displays the status of this ticket using the
Status label.
- Close Risk Event.
When selected, a justification field is displayed. You need
to explain why you are closing this Risk Event.
- Close Risk Event for follow-up
You can choose to remove a Risk Event from the
list of open Risk Events without closing it completely. The Risk Events module assigns the Risk
Event a follow-up status, removes it from the list, and keeps scanning for new findings in the
background. If the new findings add up to a risk score that passes the threshold, the Risk Event
reappears. If the new findings do not add up to a risk score that passes the threshold, the Risk
Event remains in status follow-up and continues to accumulate findings.
- Exclude assets from Risk Events.
Instead of or in addition to responding to a
Risk Event, you can choose to exclude assets from future evaluation and calculation of Risk Events.
If you choose to exclude assets, they are not processed, and Risk Events are not created for them.
Refer to
Risk Event settings for
details.