Security Operations Overview

A real-time incident command surface for security teams: raise and run incidents, fire emergency alerts, triage distress from external contacts, and review everything afterwards. An Enterprise feature.

What Security Operations Is

Security Operations is the place your team runs a live incident from. It pulls the things you need in a crisis into one surface: declare an incident, work a protocol, broadcast to rooms, fire an emergency alert to staff and external contacts, triage anyone who replies that they're not safe, and — once it's over — write it up. It's built for security teams who have to respond and prove they responded.

Getting There

Open Security Operations from the dashboard sidebar. It runs as its own workspace, with a left-hand menu for each view and a live dashboard front and centre.

The Views

• Dashboard — Live picture: active incidents, alerts by severity, team presence, acknowledgement speed, and a running feed of recent events.
• Active Incident — Run the incident in front of you: checklist, broadcasts, notes and an immutable timeline.
• Emergency Alerts — Fire alerts to a room's members and to external contacts by SMS, with acknowledgement tracking.
• Distress — Triage and respond to people who reply that they need help.
• Protocols — Build the reusable checklists incidents run from.
• Announcements — Maintain the library of pre-recorded voice messages you broadcast.
• Intelligence — Review entities pulled automatically from incident transcripts.
• History — Search past incidents and open their full dossier.
• Incident Replay — Play an incident back, synchronised across transcript, audio and events.

Who Can Do What

• View (security_ops.view) — See incidents, alerts, distress cases, protocols, announcements and intelligence. Read-only.
• Manage (security_ops.manage) — Everything in View, plus create and resolve incidents, fire alerts, run protocols, edit announcements, respond to distress, and sign off after-action reviews.