Getting started in incident response

You access the SOAR Platform from a web browser. Your administrator provides you with the URL and login information.

Before you log in, make sure that you are using a supported web browser, which is the current release or one release back of each of the following browsers: Chrome, Firefox, Safari, and Edge.

When you change your password, the password must be at least 15 characters in length and contain at least two character types: lowercase, uppercase, number, special character (including space). The password cannot contain a user’s first name, last name, display name or email address, and cannot match any password from the previous 2 years.

When you first log in, you see the Activity Dashboard for your SOAR organization. An organization is a self-contained area within the SOAR Platform for managing incidents. The name of the organization appears underneath your username. If you are a member of multiple organizations, you can switch between organizations. As each organization is separate, you must specifically select the organization to see that organization's incidents. You can click the menu item icon next to your username. In the menu, under Switch Organization, you see a list of organizations that you can access.

At any time, you can access the documentation and Support information by selecting Help/Contact from the system menu. There is also a link to the documentation and Support on the Activity Dashboard page.

The SOAR Platform supports a number of languages. You can change the language by setting your web browser to your preferred language. If none of the languages you set in your browser are supported, the English language is shown.

SOAR platform Activity Dashboard

The Activity Dashboard is the default page when you log in.

To access the Activity Dashboard, on the top menu bar, click Dashboards > Activity Dashboard. On that same menu, you can choose the Analytics Dashboard. The My Tasks dashboard shows only the tasks that are assigned to you.

The following sections are available on the Activity Dashboard:
  • News Feed

    Provides up-to-the-minute activity updates for all incidents for which you are a member.

    To view only specific actions in the News Feed, click the Show Types menu. In addition, each incident might also have a News Feed tab that shows only the activities for that incident.

  • Tasks Due Soon

    Displays tasks that are assigned to you that are due within the next 7 days. Click the task to go directly to that task and incident.

    Tasks that are assigned to a group of which you are a member are not shown. To see all of your tasks, in the menu bar, click Dashboards > My Tasks. This list shows all of your tasks, including those tasks that are assigned to a group of which you are a member.

  • Generated Downloads

    Shows a list of downloads that are available for you to download.

    The list includes only those items that you selected to be notified about by email. You can delete a download if you no longer need it.

Configuring personal settings in My Settings

Use the My Settings menu to configure your personal settings. For example, you can select a theme for displaying the user interface and you can configure your notifications settings.

You can edit your personal settings by selecting My Settings from the system menu, as shown in the following graphic.

In the My Settings page, you can access the following items:
  • My Profile

    You can update basic profile information such as name, title, and phone numbers. Click Edit then make the changes and select Save.

  • Notifications

    You can receive a notification when an activity occurs that involves you, such as being assigned a task or incident. Each notification on the Notifications page has an information icon, which you can hover over for details. You do not receive notifications for actions that you instigate; for example, you do not receive Task Closed notifications for tasks that you close.

    For each notification, you can choose to be notified by email, alert icon in the toolbar, both or neither, by clicking the checkbox next to the appropriate icon.

    If you choose to be notified by the alert icon in the toolbar, you see a number by the globe icon next to the left of your username whenever notifications are available. The previous screen capture shows six notifications. You can click the globe icon to review the notifications.

  • Change Password

    Use the feature to change your password.

Viewing the My Tasks list

The My Tasks page lists the tasks that are assigned to you or a group of which you are a member, regardless of incident.

To view your tasks, click Dashboards then My Tasks in the menu bar.

The My Tasks page contains many of the same features as the incident Task tab, including the following:
  • Hover over the clipboard icon to see whether the task is generated by the system or added by a user.
  • You can click the circle and check mark icon to mark a task as completed.
  • Hover over the task name to see its instructions.
  • Owner column. Click the down arrow to reassign the task. The menu lists only those users who are members of the incident and groups who are members of the incident and are enabled to be task owners. When you save your changes, the assignees receive a notification.
  • Due Date column. Click the date to change or assign a due date.
  • Flags column, notes icon. Displays the number of notes added to the task. Click the icon to open the task and view or add notes.
  • Flags column, attachments icon. Displays the number of attachments added to the task. Click the icon to open the task and view or add attachments.
  • Actions column. Click […] to see the available actions for the task. Click the action to run it.

See the Tasks section for details about managing tasks.

SOAR Wiki and Resource Library

If your administrator provides additional information, you can access it by selecting Wiki from the system menu.

The SOAR Wiki contains the Resource Library, which is described in the Breach section. It also contains any wiki pages.

You can add a link to any wiki page in an incident and task notes.

The following screen capture shows the Wiki with the Resource Library and a wiki page.

example of wiki

If you have permission to create and edit wiki pages, you see and click New Page to add a page. Enter a name for the page and add content. You can also make this wiki page a child of another wiki page by selecting the name of the page in the Parent field.

When you enter content, you can use the following features:
  • Rich text editor tools (font type, bold, italic, and more) for style.
  • Click the table icon to add a table.
  • To add a link, highlight text and click the link icon then enter the URL.
  • Click the photo icon to include pictures.
  • Click the widget icon (widget button) to include SOAR statistical data from the dashboard. Choose the type of data that you want to have in the wiki page. The data updates whenever a user opens the page. If you are unsure of what data a widget contains, enter the widget and click Create. You can see the data in the newly created page, which you can edit later.
  • Click the wiki icon icon to enter links to other wiki pages. Typing a left bracket ([) in the text editor box also displays the wiki links.

The page name appears in the list of wiki pages on the left after you click Create. Child wiki pages are shown under their parent page. All users can view all wiki pages.

You can change the order and hierarchy of the wiki pages by clicking Manage and dragging each wiki page.

To delete a wiki page, open it and click Edit. Then, click the delete icon.