Forum Discussion

AmiShinu
Copper Contributor
Feb 05, 2025

Sentinel Incident Priority Mapping to SIR

Hi, we are working on implementing the SIR module within our ServiceNow platform. We have 5 levels of priority within SIR (Critical, High, Moderate, Low, Planning), whereas Sentinel has only 4 priorities (Informational, Low, Medium, High). Interested to know how other organizations have handled and mapped these priorities. Thanks in advance.

  • Take this:

    • Direct Mapping: Map Sentinel's priorities directly to SIR's priorities based on severity levels. For example:
      • Sentinel: Informational -> SIR: Planning
      • Sentinel: Low -> SIR: Low
      • Sentinel: Medium -> SIR: Moderate
      • Sentinel: High -> SIR: High
      • Sentinel: Critical -> SIR: Critical
    • Custom Logic: Implement custom logic to handle more nuanced mappings. For instance, you could use additional context from the incident, such as the type of threat or affected systems, to determine the appropriate SIR priority.
    • Thresholds: Define thresholds for each Sentinel priority level and map them to SIR priorities. For example, you could set a threshold for what constitutes "High" severity in Sentinel and map it to "High" in SIR.
    • User Input: Allow users to manually adjust the priority mapping when necessary. This can be useful for edge cases where automatic mapping might not be accurate.
    • Feedback Loop: Continuously monitor and adjust the mappings based on feedback from your security operations team. This helps ensure that the mappings remain relevant and effective over time.
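
Added example, not part of the original reply and not Sentinel or ServiceNow code: one way to combine the direct mapping, custom logic and user input options above, using the four Sentinel severities named in the question. The field names (`severity`, `tactics`, `affectsCriticalAsset`, `analystOverride`) and the escalation policy are assumptions for illustration.

```javascript
// Added example. Field names and the escalation policy are assumptions,
// not a Sentinel or ServiceNow schema.
const SIR_PRIORITIES = ["Planning", "Low", "Moderate", "High", "Critical"];

// Baseline: the four Sentinel severities onto SIR priorities.
const BASELINE = new Map([
  ["informational", "Planning"],
  ["low", "Low"],
  ["medium", "Moderate"],
  ["high", "High"],
]);

// Example policy: tactics that raise the priority by one step.
const ESCALATING_TACTICS = new Set(["Exfiltration", "Impact"]);

function mapSentinelToSir(incident) {
  // User input wins: an analyst-set priority is validated and kept.
  if (incident.analystOverride) {
    if (!SIR_PRIORITIES.includes(incident.analystOverride)) {
      throw new Error(`Unknown SIR priority: ${incident.analystOverride}`);
    }
    return { priority: incident.analystOverride, reason: "analyst override" };
  }

  const key = String(incident.severity ?? "").trim().toLowerCase();
  const base = BASELINE.get(key);
  if (base === undefined) {
    // Fail visibly instead of silently dropping to the lowest priority.
    return { priority: "Moderate", reason: `unmapped severity "${incident.severity}", needs triage` };
  }

  let rank = SIR_PRIORITIES.indexOf(base);
  const reasons = [`baseline ${base}`];
  // Context only escalates Medium and High, so noisy low-severity alerts stay low.
  if (rank >= SIR_PRIORITIES.indexOf("Moderate")) {
    if (incident.affectsCriticalAsset) { rank += 1; reasons.push("critical asset"); }
    if ((incident.tactics ?? []).some((t) => ESCALATING_TACTICS.has(t))) {
      rank += 1; reasons.push("high-impact tactic");
    }
  }
  rank = Math.min(rank, SIR_PRIORITIES.length - 1);
  return { priority: SIR_PRIORITIES[rank], reason: reasons.join("; ") };
}

// Constructed sample incidents.
console.log(mapSentinelToSir({ severity: "High", affectsCriticalAsset: true }));
console.log(mapSentinelToSir({ severity: "Medium", tactics: ["Impact"] }));
```

Returning the reason alongside the priority gives the security operations team something concrete to review when tuning the mapping over time.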
