
Detection & Response


Case List

The Case List screen in the SmartWAN Portal, accessible under the "Detection & Response" section, provides a detailed list of cases generated by analyzing event logs. This screen allows users to view and manage security and network-related incidents efficiently.


Key Features
  • Filters and Search:
    • Customer and Asset Selection: Dropdown menus at the top (e.g., "Select a customer," "Select an asset") to filter cases by specific customers or assets.
    • Date Range: A date picker to filter cases within a specific time period (e.g., 2024/09/30 - 2024/10/30).
    • Advanced Search: A button on the right to access advanced search options for more granular filtering.
  • Case Summary:
    • Displays the total number of cases (e.g., 279 cases) and the total results (e.g., 2,193 cases) for the selected filters.
  • Case Table:
    • A table listing cases with columns such as:
      • Event Type: Type of event (e.g., Raw Packet).
      • Source Asset: Source of the event.
      • Destination Asset: Destination of the event.
      • Rule: Applied rule.
      • Source IP: Source IP address.
      • Destination Port: Destination port.
      • Time: Timestamp of the event.
      • Raw Packet: A column with a clickable icon to view raw packet details (e.g., BSX525D9252F...).
  • Notification Settings:
    • A "Notification Settings" button at the top-right corner to configure alert preferences.

The items provided in the Case List may be modified in the future based on evolving requirements.

Case Filtering


After selecting a customer, the case table updates to reflect cases specific to that customer, ensuring users can focus on relevant incidents.
Customer Selection:
  • Dropdown Menu: Displays a list of available customers (e.g., SK Telecom, Samsung Electronics, KT&G, Ericsson, Coca Cola, General Electric, BMW).
  • Action: Click the "Select a customer" dropdown to choose a customer, filtering the case list to show only cases related to the selected customer.
Multi-Tenant Support:
  • Each customer is listed separately, reflecting the secure separation of data in the multi-tenant environment.
  • The associated assets for the selected customer are displayed.


The Select an Asset dropdown on the Case List screen allows users to filter cases by specific assets. It lists assets such as "Seoul IDC LW3007," "T-Store Pangyo LW2308-4G," and "Daejeon IDC LW7009." Users can select an asset and click "Selection Confirmed" to update the case list.


The Advanced Search feature on the Case List screen allows users to refine their case search with additional filters. Accessible via the "Advanced Search" button, it includes options to select a customer, asset, severity level (e.g., Critical, High), and enter a search keyword. Users can apply these filters by clicking the "Search" button to update the case list.

Notification Settings


The Alert Subscription Settings screen in the SmartWAN Portal allows users to customize how they receive notifications for cases. This screen is accessed by clicking the "Notification Settings" button on the Case List screen.
Users can configure various aspects of alert subscriptions, including the type of notifications, severity levels, assignees, recipients, and additional metadata, ensuring they are informed about relevant cases in a timely manner.
Subscription Information


Subscription Information:
  • Title: A text field to enter a custom title for the alert subscription.
  • Type: Checkboxes to select the type of notifications:
    • Notify on case opening: Sends an alert when a new case is created.
    • Notify on case progress: Sends an alert when a case’s status is updated.
  • Severity Level: Radio buttons to select the severity level of cases to be notified about.
Assignee and Recipient Management:
  • Assignee: Displays a list of users assigned to receive alerts, including:
    • Name: The assignee’s name (e.g., Bryan Ga, Timo Choi, Jay Cho, Leonardo DiCaprio).
    • Assigned Role: The role of the assignee (e.g., Administrator, Customer, Engineer).
    • Email Address: The assignee’s email address.
    • Actions: Options to "Change Assignee" (reassign to another user) or "Remove Entry" (delete the assignee from the list).
  • Recipient: Displays a list of additional recipients for alerts, with similar details and actions as the Assignee section.
  • Add to Entry: A button to add new assignees or recipients to the subscription list.
Additional Fields:
  • Additional fields can be defined by users.

Subscription Note


The Subscription Note screen, accessible via a tab in the Alert Subscription Settings popup, allows users to add and save notes related to an alert subscription. Users can enter text in a provided text box and save the note for future reference.