Skyhigh Security

Bulk Incidents Remediation

Incident response addresses policy violations that may lead to suspected data breaches, such as cyber attacks, security breaches, and more. To prevent data breaches, Incident Response provides a systematic approach to recognizing and responding to a service disruption or security breach.

To work with bulk remediation for Office 365 groups, see Revoke Collaboration in Office 365 Groups.

Benefits of Remediating Multiple Incidents

Previously, the Policy Incidents page limited bulk remediation to 100 incidents at a time. You can now remediate an unlimited number of incidents simultaneously on the Policy Incidents page by applying the appropriate filters and then selecting all incidents. The benefits include:

  • Accomplish Bulk Actions. You can perform bulk actions to resolve incidents. To apply bulk actions, see Change the Response for Multiple Incidents.
  • Experience Improved Handling Efficiency. The efficiency of the SOC is significantly increased, allowing greater ease and efficacy and leading to optimized resource utilization and exceptional outcomes. This saves valuable time and reduces costs associated with incident remediation.
  • Ensure Comprehensive Security. Users can address all potential threats promptly, which enhances the overall security posture.
  • View Bulk Action Status Bars. During bulk remediation, the status bar gives users a visual indication of the progress of the bulk action. This feedback helps them determine when the operation will be completed. Using status bars can reduce user perception of time, making the process smoother and more efficient. Based on the status of the user's bulk action, the Policy Incidents page displays the following status bars:
    • Progress Bar. It indicates the number of incidents currently being processed with the percentage of progress.
    • While a bulk update is in progress, new bulk actions are disabled until the update is complete. You need to wait a few minutes before starting new bulk actions.
    • Error Bar. It indicates the number of incidents that failed to process during the bulk remediation. To check the failed incidents, filter the facets and retry the bulk remediation process.
    • Completion Bar. It indicates the number of incidents that have been remediated with the percentage of completion.

Change the Response for Multiple Incidents

To change the response for multiple incidents:

  1. Go to Incidents > Policy Incidents.
  2. To narrow your search results on the Policy Incidents table, select the required filters from the Omnibar.
  3. Select all incidents from the Policy Incidents table and go to Actions > Select Response.
  4. Select a Response, Status, and Email Template from the menu. 

NOTE: The available responses may vary depending on the violation type and the interaction type that triggered the response.

  5. Click Submit.
    The response is validated. If the response is not compatible with the incident, an error message appears. Try choosing a different response.

Once you apply the required response actions for multiple incidents, you can view the various status bars on the Policy Incidents page. For details, see View Bulk Action Status Bars.