Developers: Positive Technologies
Last Release Date: 2021/03/18
Technology: Information Security - Security Information and Event Management (SIEM)
Main article: Security Information and Event Management (SIEM)
PT Departmental Center is an incident management system (IRP) built in accordance with methodological recommendations for the creation of GosSOPKA centers. The solution automates the incident response process and informs the National Computer Incident Coordination Centre (NCCC).
2021: PT Departmental Center 2.0 with addition of integration API
On March 18, 2021, Positive Technologies presented an updated version of the PT Departmental Center incident management system. The product has received more functions for effective incident management. You can now customize the product flexibly to meet your company's needs and automate basic incident scenarios. Thanks to the PT Departmental Center configuration module, it is easy to adapt the product to the specifics of the organization: change the forms of incident cards, filters and the timing of response tasks (SLAs). Ready-to-use connectors and the integration API will help you build the system flexibly into your existing infrastructure.
"It is important for companies that begin to create SOC or GosSOPKA centers to give not only a format for interacting with GosSOPKA or other industry centers, but also a tool for customizing the product to the specifics of their work," says Sergey Kutz, head of solutions development for cyber security at Positive Technologies. "The response team is usually sent a large stream of information incidents, so you have to spend a lot of time distributing tasks to the responsible employees. Various departments are involved in the processing of incidents: information security specialists, IT administrators, resource owners. To coordinate work, automation mechanisms are needed. PT Departmental Center 2.0 allows you to set up incident management, speed up and simplify their processing: apply response templates, monitor processing deadlines in real time, and inform the NCCC or another industry center in the established format."
The extended edition of PT Departmental Center 2.0 includes the ability to add fields and pre-filters to the incident card, as well as to create automation scenarios such as automatic assignment of incidents to operators, automatic creation of tasks for a particular operator based on the type of incident, and automatic mail notifications of events in the system. In addition, system users can develop their own automation scenarios tailored to specific tasks.
The second version of PT Departmental Center also introduced an integration API, which allows partners and system users to create their own connectors to data sources. The Integration API service allows you to receive information about incidents from SIEM systems, claim processing systems and any other external sources.
In addition to the PT Departmental Center system, Positive Technologies specialists have developed a comprehensive solution for creating a GosSOPKA center and interacting with the NCCC, as well as PT Platform 187, which implements the main requirements of Federal Law No. 187-FZ of 26.07.2017 and solves the tasks of GosSOPKA centers for small isolated infrastructures.
2018: Capabilities of the product "PT Departmental Center"
PT Departmental Center is based on automation and knowledge management, which allow you to build an incident response process and interact with the regulator in a bilateral format.
As of September 2018, the system is used for:
- collection of incident data;
- registration of incidents by creating requests for their processing (incident cards) both manually and automatically;
- incident response (coordination, cause identification, incident localization, response planning, response control);
- the exchange of incident data with the main center of GosSOPKA;
- application of methodological recommendations of the main center of GosSOPKA in the process of information security monitoring.