Security Incident Notification Intent

Updated by Stephen Boss

The Security Incident Notification intent allows users to report security incidents or request assistance in handling potential security issues. This intent gathers essential details to help the security team investigate and resolve incidents efficiently.

Use Cases

  • Reporting data breaches, phishing attempts, or unauthorized access.
  • Providing key details about affected systems, users, and actions taken.
  • Streamlining the escalation process for IT security teams.

Configuration Guide

1. Create the Intent

  1. Navigate to Magic AI > Agent > Catalog.
  2. Click Create Intent.
  3. Input the following details:
    • Intent Name: Security Incident Notification
    • Description:

      A request to report a security incident or alert, or to request assistance in handling a potential security issue, either for oneself or on behalf of another user.

    • Who can use this intent: Select All clients or adjust as needed.

2. Configure Arguments

Below is the configuration for required form fields, matching the screenshots:

| Argument Name | Description | Type | Required |
| --- | --- | --- | --- |
| Incident Type | Ask this question before any others. Ask the type of security incident the user is reporting. If you already know the answer, don’t ask. (Virus/Malware, Phishing Attempt, Unauthorized Access, Data Breach, Suspicious Activity, Other) | Multiple choice | Yes |
| Description of Incident | Please provide a detailed description of the security incident or issue. | Textfield | Yes |
| Affected Systems | Ask which systems, devices, or accounts the user believes are affected. If the user already mentioned the affected systems, use that. | Textfield | Yes |
| Time of Incident | When did you first notice the security issue? | Date | Yes |
| Incident Reported For | Who are you reporting this security incident for? (Self, Someone Else) | Multiple choice | Yes |
| Full Name | Ask the name of the user affected by the incident; if the user is reporting for themselves, use their name. | Textfield | Yes |
| Email Address | Ask the email of the user affected by the incident; if the user is reporting for themselves, use their email. | Textfield | No |
| Steps Taken | Have you taken any steps to address the issue? If so, please describe them. | Textfield | No |
| Additional Details | Are there any additional details or special instructions? | Textfield | No |

3. Configure External Reply

If applicable, guide the user on the next steps to address the issue and confirm that the details provided will be reviewed by the security team.

4. Configure Automation

If needed, set up automation by specifying the appropriate API URL:

  • URL for the API: Add the endpoint for security incident notifications.
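
One way the receiving endpoint could check an incoming report against the arguments table before it reaches the security team. This is an added example, not code from the product; the payload shape (argument names as JSON keys, ISO 8601 dates), the 4000-character cap, and the names validate_report and SAMPLE are assumptions.

```python
import re
from datetime import datetime

# Fields from the arguments table. Assumed, not documented on the page: the
# argument names are the JSON keys, dates are ISO 8601, text is capped at 4000.
CHOICES = {
    "Incident Reported For": {"Self", "Someone Else"},
    "Incident Type": {"Virus/Malware", "Phishing Attempt", "Unauthorized Access",
                      "Data Breach", "Suspicious Activity", "Other"}}
REQUIRED = ["Incident Type", "Description of Incident", "Affected Systems",
            "Time of Incident", "Incident Reported For", "Full Name"]
OPTIONAL = ["Email Address", "Steps Taken", "Additional Details"]
MAX_TEXT = 4000
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")  # keeps \t \n \r

def _problem(name, value):
    if name in CHOICES and value not in CHOICES[name]:
        return "not an allowed choice"
    if name == "Time of Incident":
        try:
            datetime.fromisoformat(value)
        except ValueError:
            return "expected an ISO 8601 date"
    return f"longer than {MAX_TEXT} characters" if len(value) > MAX_TEXT else None

def validate_report(payload):
    """Return (clean, errors); clean holds only known fields that passed."""
    if not isinstance(payload, dict):
        return {}, ["payload must be a JSON object"]
    known, clean = REQUIRED + OPTIONAL, {}
    errors = [f"unexpected field: {k}" for k in sorted(set(payload) - set(known))]
    for name in known:
        value = payload.get(name)
        if not isinstance(value, str) or not value.strip():
            if name in REQUIRED or not isinstance(value, (str, type(None))):
                errors.append(f"{name}: missing or not a non-empty string")
            continue
        problem = _problem(name, value.strip())
        if problem:
            errors.append(f"{name}: {problem}")
        else:
            clean[name] = CONTROL_RE.sub("", value.strip())
    return clean, errors

# Constructed sample report (not real data); the description carries escape bytes.
SAMPLE = {"Incident Type": "Phishing Attempt", "Incident Reported For": "Self",
          "Description of Incident": "Mail asked for my password\x1b[2J",
          "Affected Systems": "Mailbox", "Time of Incident": "2024-05-01",
          "Full Name": "A. Example"}
```

Forward a report to ticketing only when the returned error list is empty, and pass on the cleaned fields rather than the raw payload.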

