A Service Level Agreement (SLA) represents a commitment by the SOC to perform specific tasks, such as investigation or remediation of specific cases, within a specified duration of time. The case SLA is determined by the SLAs of its alerts. When a case has more than one alert, the case is assigned the SLA with the shortest time, as defined in the SLA period field.
In addition, each case stage can have an SLA of its own, starting when the case transitions into that stage and ending when it transitions to the next stage.
The SLA screen tab enables you to add, modify, and delete SLA definitions.
To add an SLA:
- Click the plus icon on the top right of the screen.
- Select whether the SLA will be attached to an alert (either all alerts or specific ones) or to a case stage (e.g. triage, investigation).
- Add the time frames for the SLA time and the critical time. Note that the case SLA period is counted from when an alert enters the system, and the case stage SLA is counted for as long as the case is in the relevant stage.
- Click Create.