Responding to a Risk Event

Respond to the Risk Event by either closing it or creating a ticket for further investigation. Separately, you can also tune the system by excluding assets from future analysis if the asset is irrelevant. Responding and tuning can be done on a single Risk Event or in bulk on multiple Risk Events.

Before you begin

DDR This content is available through the IBM Guardium® Data Detection and Response module.

To respond to or tune a single Risk Event, select the Risk Event on the Risk Events page and click Respond | Tune, or click Respond | Tune on the individual Risk Event page.

To respond to or tune multiple Risk Events, select the Risk Events on the Risk Events page and click Respond | Tune.

Procedure

  • Create a ticket.

    This option is available if an external ticketing system was configured and only for a single Risk Event.

    When this option is selected, the Risk Event’s details are populated in the ticket subject and description. You can edit these fields before you save.

    The Risk Event page displays the status of this ticket using the Status label.

  • Close Risk Event.
    When selected, a justification field is displayed. You need to explain why you are closing this Risk Event.
  • Close Risk Event for follow-up
    You can choose to remove a Risk Event from the list of open Risk Events without closing it completely. The Risk Events module assigns the Risk Event a follow-up status, removes it from the list, and keeps scanning for new findings in the background. If the new findings add up to a risk score that passes the threshold, the Risk Event reappears. If the new findings do not add up to a risk score that passes the threshold, the Risk Event remains in status follow-up and continues to accumulate findings.
  • Exclude assets from Risk Events.
    Instead of or in addition to responding to a Risk Event, you can choose to exclude assets from future evaluation and calculation of Risk Events. If you choose to exclude assets, they are not processed, and Risk Events are not created for them. Refer to Risk Event settings for details.