Security Incident Notification Intent
The Security Incident Notification intent allows users to report security incidents or request assistance in handling potential security issues. This intent gathers essential details to help the security team investigate and resolve incidents efficiently.
Use Cases
- Reporting data breaches, phishing attempts, or unauthorized access.
- Providing key details about affected systems, users, and actions taken.
- Streamlining the escalation process for IT security teams.
Configuration Guide
1. Create the Intent
- Navigate to Magic AI > Agent > Catalog.
- Click Create Intent.
- Input the following details:
  - Intent Name: Security Incident Notification
  - Description: A request to report a security incident or alert, or to request assistance in handling a potential security issue, either for oneself or on behalf of another user.
  - Who can use this intent: Select All clients or adjust as needed.
2. Configure Arguments
Below is the configuration for the form fields:
Argument Name | Description | Type | Required |
Incident Type | Ask this question before any others. Ask the type of security incident the user is reporting. If you already know the answer, don’t ask. (Virus/Malware, Phishing Attempt, Unauthorized Access, Data Breach, Suspicious Activity, Other) | Multiple choice | Yes |
Description of Incident | Please provide a detailed description of the security incident or issue. | Textfield | Yes |
Affected Systems | Ask which systems, devices, or accounts the user believes are affected. If the user already mentioned the affected systems, use that. | Textfield | Yes |
Time of Incident | When did you first notice the security issue? | Date | Yes |
Incident Reported For | Who are you reporting this security incident for? (Self, Someone Else) | Multiple choice | Yes |
Full Name | Ask the name of the user affected by the incident; if the user is reporting for themselves, use their name. | Textfield | Yes |
Email Address | Ask the email of the user affected by the incident; if the user is reporting for themselves, use their email. | Textfield | No |
Steps Taken | Have you taken any steps to address the issue? If so, please describe them. | Textfield | No |
Additional Details | Are there any additional details or special instructions? | Textfield | No |
3. Configure External Reply
If applicable, guide the user on the next steps to address the issue and confirm that the details provided will be reviewed by the security team.
4. Configure Automation
If needed, set up automation by specifying the appropriate API URL:
- URL for the API: Add the endpoint for security incident notifications.
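
The endpoint behind that URL receives text typed by end users, so it should check each report against the argument table before passing it on. The following is an added example, not code from the product: it assumes the report arrives as a JSON object keyed by the argument names above, that the date is ISO 8601, and that free text is capped at an arbitrary 4000 characters.

```python
import re
from datetime import datetime

# Rules taken from the argument table: name -> (required, allowed choices or None)
FIELDS = {
    "Incident Type": (True, {"Virus/Malware", "Phishing Attempt", "Unauthorized Access",
                             "Data Breach", "Suspicious Activity", "Other"}),
    "Description of Incident": (True, None),
    "Affected Systems": (True, None),
    "Time of Incident": (True, None),
    "Incident Reported For": (True, {"Self", "Someone Else"}),
    "Full Name": (True, None),
    "Email Address": (False, None),
    "Steps Taken": (False, None),
    "Additional Details": (False, None),
}
MAX_LEN = 4000  # assumed cap on free-text length, not a product limit
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def validate_incident(payload):
    """Return a list of problems; an empty list means the report is well-formed."""
    if not isinstance(payload, dict):
        return ["payload is not a JSON object"]
    # Reject keys that are not configured arguments instead of silently storing them.
    errors = [f"unexpected field: {k!r}" for k in payload if k not in FIELDS]
    for name, (required, choices) in FIELDS.items():
        value = payload.get(name)
        if value is None or value == "":
            if required:
                errors.append(f"missing required field: {name}")
            continue
        if not isinstance(value, str):
            errors.append(f"{name}: expected a string")
        elif len(value) > MAX_LEN:
            errors.append(f"{name}: longer than {MAX_LEN} characters")
        elif choices is not None and value not in choices:
            errors.append(f"{name}: not one of the configured choices")
        elif name == "Email Address" and not EMAIL_RE.match(value):
            errors.append(f"{name}: not a valid email address")
        elif name == "Time of Incident":
            try:
                datetime.fromisoformat(value)
            except ValueError:
                errors.append(f"{name}: not an ISO 8601 date")
    return errors

# Constructed sample report (not real data)
SAMPLE = {"Incident Type": "Phishing Attempt", "Description of Incident": "Link in email",
          "Affected Systems": "Mailbox", "Time of Incident": "2024-05-01",
          "Incident Reported For": "Self", "Full Name": "Alex Example"}
```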