In order to achieve visual and functional uniformity in the SecureX Incident Manager, and to provide a consistent and high quality user experience, we've produced these format and content guidelines for incident summaries in SecureX. The aim is to help document incident description requirements for content developers and integration partners both within Cisco, and with third party products.
SecureX Threat Response renders incident summaries containing up to 5000 characters of Markdown text. This data is stored in the description
field of the incident entity.
Unlike GitHub Markdown, SecureX Threat Response uses a limited subset of Markdown, with no support for images or tabular data.
This document details the format and content guidelines for Incident summaries.
Supported Markdown
Unsupported Markdown
# Incident Header
## Subheader
### Secondary subheader
**Strong Text**
followed by a newline for titles between paragraphs and sections lower than H3.\n
within your description
strings.
for example, the string "This is a paragraph\n\nThis is a second paragraph"
will yield the following Markdown:
This is a paragraph
This is a second paragraph
```
# Possible Port Knocking Detected on 02-09-11
At 4:12am on February 9th, NIDS alerted for suspected port knocking behavior on VLAN 204. This behavior continued for 20 minutes, and then abruptly stopped.
## Investigation Details
Investigation details go here. (Note the H2, because this is a subsection in the document)
## Initial Response and Mitigation
(Also an H2, as we move on to the next subsection of the summary)
Unlike in GitHub markdown, Headers do NOT automatically have named anchor tags associated with them, so you cannot use them to create tables of contents like in GitHub markdown. This [Header2 link](#Header2) link doesn't actually work, like it would in GitHub.
There's currently no other way to link in between parts of the markdown document.
### Emphasis and Strong text
Paragraph with *emphasis*, a [link](url) and `preformatted text`
**Strong for non-header section titles**
## Impact Assessment
**Tabular Data**
Markdown tabular data is supported. The following method will produce data tables in the Threat Response GUI:
This will work:
```
| data | table | with | columns |
|---|---|---|---|
| 0 | 1 | 2 | 3 |
```
| data | table | with | columns |
|---|---|---|---|
| 0 | 1 | 2 | 3 |
Raw HTML will not:
```
<table>
<tr><td>0</td><td>1</td></tr>
<tr><td>2</td><td>3</td></tr>
</table>
```
<table>
<tr><td>0</td><td>1</td></tr>
<tr><td>2</td><td>3</td></tr>
</table>
## Remediation and Root Cause Analysis
**Preformatted Text Blocks**
```
Preformatted text blocks are typically used for showing code, email headers, or
command line tool output that spans multiple lines. You specify preformatted
text blocks using three backticks, as shown here.
For purposes of readability and ease of use, and visually clean, please limit
your preformatted text blocks to 80 characters wide, if at all possible.
Doing so will prevent users from needing to scroll horizontally in order to read
the preformatted text contents.
```
**Lists**
1. First list element
2. Second list element
3. Third list element with \`inline preformatted text\`
List elements cannot contain multiple paragraphs, as soft breaks are not supported and do not currently indent.
- However, you can use bullet points nested within an ordered list.
4. Ordered lists can start from any number. This is the fourth item in this list.
5. Nested list support
- one
- another
- yet another
6. Nested sublists do introduce whitespace above the next parent list item.
7. Multiple levels of nesting are permitted.
- unordered list within ordered list.
1. Ordered list within unordered list
2. Second nested ordered element
- second unordered element
**Quoted Text**
> Quoted text is useful when quoting from user interface text, email contents, or any other data that is not fixed width CLI output or source code. Quotes can also include [links](#) and `inline preformatted text`.
> When you add a newline to a quote block, you have to preface with an additional `> ` quoted text indicator.
```
"# Incident Summary Title\n\n## Incident Overview\n\n##Investigation Details\n\n##Initial Response and Mitigation\n\n##Impact Assessment\n\n##Remediation and Root Cause Analysis"
Should yield the following template:
# Incident Summary Title
## Incident Overview
## Investigation Details
## Initial Response and Mitigation
## Impact Assessment
## Remediation and Root Cause Analysis
Can you improve this documentation?Edit on GitHub
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close