Event Lifecycle Management – Acknowledging, Validating, and Purging an Event
By Pam Johnson 
Once an event has been remediated (Read my previous article about Remediating an Event), the remediation can be validated to ensure that the incident has been fully resolved. Validating the correct resolution of the event can be accomplished as part of a role within ConsoleWorks such that only a supervisor or other privileged overseer can validate and ultimately close the event resolution.
Events have three possible states: Detected, Acknowledged, and Purged. Once the remediation is validated, the event may be “Acknowledged,” either by an automated action, another event acknowledging the current event, or by a user interacting with the event. When an event is acknowledged by a user, that individual may be asked to enter a comment briefly describing what was done, who was called, or the current state of affairs.
Each event state (Detected, Acknowledged, and Purged) may have state specific actions associated with the event that are executed when the event moves to a particular state. When an event is acknowledged, any associated actions with the event’s “Acknowledged” state are also executed at that time.
Once an event is acknowledged, it remains in the list of active events in an acknowledged state, allowing the event acknowledgment to be reviewed by an operation process or supervisory process before being removed from the event list. When the event is “Purged” from the active list, any associated purge-actions linked to the individual events are also executed at that time and the event is removed from the active event list.
For additional information on acknowledging, validating, and purging events and the ConsoleWorks® Complete Event Lifecycle Management Solution, download the Solution Brief: A Complete Solution for Event Lifecycle Management
Additional Event Lifecycle Management blog articles are available at the links below:
- Event Lifecycle Management and its Value in the Compliance Process
- Event Lifecycle Management – Event Detection
- Event Lifecycle Management – Logging Events
- Event Lifecycle Management – Analyzing Events
- Event Lifecycle Management – Notifying When an Event Occurs
- Event Lifecycle Management – Remediating an Event
Tags
Access Control Audit Automation Best Practice Change Management Compliance Configuration Configuration Ports Cyber Asset Cyber Security Detect Event Detection Event Lifecycle Management Events Forensic Records Healthcare HIPAA IEM Isolate IT Foundation IT Infrastructure IT Operations Log Files Monitoring MTTR NERC-CIP Out-of-Band Patching Patterns PCI Persistence Privileged Interfaces Privileged User Real-Time Records Remediation ROI Root Cause Security Security Risk Simplifying Work Solaris System Administrators Utilities Virtual Machine-
More Blog Posts
-
By Tom Kearns One element of configuration management is the recording and auditing of the actual configuration files on IT devices. The first time we
-
By Pam Johnson In my previous articles, From the Control to the Substation to the Pole and Remote Access Management – A Comprehensive Security Solution,
-
By Tom Kearns Control over privileged interfaces (baseboard management controllers – iLO, DRAC, ILOM, etc.) for break/fix, build, provisioning, and configuration changes is an increasingly
-
