Streams

  • Updated
Table of Contents:

Overview

Streams are a set of filters that allow users to refine ActOns based on specific criteria. Users can use default streams or create custom streams to save time and effort by avoiding repetitive filter selection each time they search for ActOns with specific criteria. This feature ensures a more efficient and streamlined process for managing ActOns.

Switching between card and list view

The Streams interface can be customized to display information according to user preferences. By default, it opens in the card view, where users can see ActOn cards. Clicking a card opens the ActOn Workspace, allowing users to update ActOn details. Alternatively, the list view presents all ActOns in a structured list format.

To switch between views:

  1. Navigate to Resolutions > ActOns. The ActOns home page displays all available default and custom streams.
  2. Click the kebab menu, hover over Display, and select List View. By default, the card view is selected. This takes you to the ActOns list page.

Default Streams

Default streams are visible to all users. They are available by default and include the following options for filtering ActOns:

  • All Open ActOns: Displays a comprehensive list of all open ActOns.
  • Closed ActOns: Includes ActOns that have been resolved or closed.
  • New ActOns: Displays newly created ActOns.
  • My ActOns: Shows ActOns assigned to the logged-in user.
  • Critical ActOns: Shows ActOns set as high priority (P0).
  • Response Due ActOns: Displays open ActOns across all stages (Identify, Investigation, Clarification, Mitigation, Incident, Remediation, Resolution) and statuses, such as In Progress and On Hold, that have been responded to and reassigned. 
  • Re-Investigation ActOns: Lists ActOns appended with new detections requiring re-investigation. These ActOns appear in various stages, including Investigation, Incident, Mitigation, and Clarification, and in statuses like In Progress, On Hold, and Acknowledged.
  • Unassigned ActOns: Shows ActOns that have not been assigned to any user.

For example, if a user wants to view all open ActOns, they can select the All ActOns stream to retrieve the relevant list. 

Custom Streams

Custom streams provide flexibility by allowing users to create streams tailored to their specific business needs. Users can apply various filters to customize their streams. The available filters include:

  • ActOn Type: Filter ActOns by their type, such as Security or Digital Ops.
  • Status: Filter ActOns by their current status, such as New, Acknowledged, In Progress, On Hold, Healed, Resolved and Closed. 
  • Priority: Filter ActOns by priority levels, such as P0 (high priority).
  • Stage: Filter ActOns by their lifecycle stage.
  • Functions: Filter ActOns by associated functions.
  • Signal Source: Filter ActOns by the source of the signal that triggered them.
  • Tags: Filter ActOns based on associated tags.
  • Class and Sub-Class: Filter ActOns by their classification and sub-classification.
  • Category and Sub-Category: Filter ActOns by their category and sub-category.
  • Escalation Triggered: Filter ActOns that have triggered an escalation.

Custom streams enable users to save these filter configurations, making it easier to retrieve ActOns matching the criteria without manually applying filters every time. For more information, see Creating a Stream.

Sub-Streams

Sub-streams are a feature within streams that enable more granular filtering. Users can create sub-streams under a parent stream, but the filters already applied in the parent stream remain intact. Sub-streams allow users to select only the filters that have not yet been applied in the parent stream. They are ideal for further narrowing down ActOns within the specific context defined by the parent stream. For more information, see Creating a Sub-Stream.

Creating a Stream

Use these steps to create a stream with a set of filters.

To create a stream:

  1. Navigate to Resolutions > ActOns. The ActOns home page displays all available default and custom streams.

  2. Click Create Stream. This opens the Create Stream popover.

  3. Provide the following details:

    • Name: Enter a unique name for the stream.
    • Description: Add a description to explain the purpose of the stream.
    • Filters: Select the filters to apply. Available filter options include:
      • ActOn Type
      • Status
      • Priority
      • Stage
      • Functions
      • Signal Source
      • Tags
      • Class
      • Sub-Class
      • Category
      • Sub-Category
      • Escalation Triggered

4. Click Save to create the stream.

Example:

If you want to view high-priority (P0) ActOns of type Security with a status of New, create a stream with these filter criteria. This will allow you to retrieve the desired ActOns directly without repeatedly applying these filters.

Editing a Stream

Use this procedure to modify stream details to update filters or descriptions as needed. 

To modify stream details:

  1. Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
  2. Hover over the stream you want to edit. The kebab menu (three dots) will appear.
  3. Select Edit from the kebab menu. This opens the Edit Stream popover.
  4. Update the stream’s details, including filters and description.
  5. Click Update to save the changes.

Deleting a Stream

Use this procedure to remove a stream that is no longer required.

To delete a stream:

  1. Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
  2. Hover over the stream you want to delete. The kebab menu will appear.
  3. Select Delete from the kebab menu. Note: Deleting a stream will also delete all its associated sub-streams.
  4. Confirm the deletion by clicking Yes.

Creating a Sub-Stream

Sub-streams can be created within a parent stream for granular filtering. Follow these steps to create a sub-stream:

  1. Navigate to Resolutions > ActOns. The ActOns home page displays all available streams.
  2. Hover over the custom stream where you want to create a sub-stream. The kebab menu will appear.
  3. Select Create Sub-Stream to open the Create Sub-Stream popover.
  4. Provide the following details:
    • Name: Enter a unique name for the sub-stream.
    • Description: Add a description to explain the purpose of the sub-stream.
    • Filters: Select the filters to apply for granular-level filtering. Available options include:
      • ActOn Type
      • Status
      • Priority
      • Stage
      • Functions
      • Signal Source
      • Tags
      • Class
      • Sub-Class
      • Category
      • Sub-Category
      • Escalation Triggered

Note: The filters and their selected values inherited from the parent stream are displayed in disabled mode, meaning they cannot be modified or removed. This restriction ensures the integrity of the parent stream's criteria is maintained, enabling sub-streams to focus exclusively on additional filtering without altering the parent stream's filters. You can view the filters by clicking the applied filters option in the table view. 

5. Click Save to create the sub-stream.

Actions on Sub-Streams

Editing a Sub-Stream:

Use this procedure to add or remove filters in a sub-stream. 

To edit a sub-stream:

  1. Hover over the sub-stream to reveal the kebab menu.
  2. Select Edit to open the Edit Sub-Stream popover.
  3. Update the details and click Update to save changes.

Deleting a Sub-Stream:

Use this procedure to remove a sub-stream. 

To delete a sub-stream

  1. Hover over the sub-stream to reveal the kebab menu.
  2. Select Delete to remove the sub-stream permanently.

https://support.netenrich.com/hc/en-us/articles/25545814062493-Watchers-for-ActOns

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.