Skip to main content
Skip table of contents

Event Triage


The Event Triage page is available only to RiskStudio users with special privileges. For more information see Roles & Permissions page.

1. Introduction

Triage is a powerful feature designed to streamline the process of managing events and performing detailed assessments in your organization. In this guide, we'll walk you through the various components and functionalities of the Event Triage feature to help you make the most of its capabilities.

2. Overview and Triage Details

This section provides an in-depth explanation of how to navigate and utilize the Overview Event Triage page effectively. Let's dive into the details.

2.1 Overview Event Triage

The Overview Event Triage page serves as the central hub where all events are listed for easy access and management. Here's a breakdown of the key components and functionalities available on this page:

  • Event Listings

    • events are displayed in a list format, with the most recent ones appearing at the top for quick reference.

    • Each event includes essential details such as:

      • Unique ID: A distinctive identifier assigned to each event for easy reference and tracking.

      • Date of Creation: The date and time when the event was initially recorded in the system.

      • Subject: A brief summary of the topic or subject matter of the event.

      • Description: A snippet of the event's description providing context or insight into its nature.

      • Status: Indicates the current status of the event, such as New, In Review, Resolved, etc. more information on triage statuses follows later in the article.

  • Opening events

    • To view the details of a specific event, users can click on the event's subject or on the pencil icon.

    • Clicking on an event opens up the Event Triage Details screen, where users can access more comprehensive information about the event.

  • Navigation and Sorting

    • Users can navigate through multiple pages of events using pagination controls if the list extends beyond a single page.

    • Additionally, events can be sorted based on different criteria such as date, subject, or status to facilitate easier browsing and identification.

2.2 Event Details Tab

The Event Triage Details screen offers a detailed view of an event, providing users with essential information and tools to analyze and manage events effectively. Below a breakdown of the key components and functionalities available on this screen.

  • Description

    • This component displays the core details of the initial event, including:

      • Unique ID: A distinctive identifier assigned to the event.

      • Subject: A brief summary of the event's topic.

      • Description: A detailed description of the event.

    • Users can view these details but cannot modify them as they represent the original information provided.

  • Details

    • This component displays the core details of the initial event, including:

      • Created date: The date the event was created by a user.

      • Updated date: The date the event was updated.

      • Status: The status of the event (see section Triage process).

      • Reporter Name: The name of the individual who reported the event.

      • Assessor: The name of the person assessing the event through triage.

    • Users can view these details but cannot modify them as they represent the original information provided.

  • Assessment
    The Triage Assessment is a critical component of the Triage feature, allowing users to enhance events by providing additional information and refining them into one or more risk events. While optional, conducting a thorough assessment adds depth and precision to events, facilitating more effective risk management. Here's a detailed explanation of the Triage Assessment process and its components:

    • Threat: In this tab, users can select potential threats related to the event. Threats refer to potential events or circumstances that may exploit vulnerabilities and negatively impact an organization's resources, activities, or objectives. These can include natural disasters, cyber-attacks, human errors, or disruptions in the supply chain.

    • Control: The Control Analysis tab provides suggestions for related controls, some of which may already be included in a risk. A "control" refers to a specific measure or action taken to manage or reduce a risk. Controls can be preventive or corrective measures designed to minimize the likelihood or impact of a risk. For more information, please refer to the Risk Controls page.

    • Target: Targets, in the context of security, refer to specific objects, systems, or entities vulnerable to attacks, threats, or breaches. Within RiskStudio, targets encompass entities and related companies associated with these entities. This could include servers, applications, network segments, user accounts, as well as larger entities such as projects, departments, information flows, or processes. For more information on Entities, please refer to the Operational Entity page.

  • Triage Outcome

    • In this component, users can review and modify the outcome of the Event triage process, which summarizes the assessment of the event. The default subject of the event, which can be adjusted based on the triage outcome.

    • Users can edit these fields by clicking on the pencil icon next to each field.

2.3 Chat & Evidence tab

On the Chat & Evidence tab, you can communicate effectively with participants, gather evidence and capture reliable information to strengthen your risk management. Use the chat feature to communicate directly and collaborate on important tasks and projects.

  • Notes & Evidence

    • This component allows users to add notes and attach evidence related to the event.

    • Users can directly input notes within this component, which are then considered in the Triage Assessment suggestions.

    • Notes can be edited or deleted using the provided icons.

  • Chat with Guardian

    • Users can communicate with the Guardian who reported the event via this component.

    • Guardians can also provide additional information, comments, or feedback through the chat function.

2.4 Triage proces

The Triage Process comprises several distinct stages (status), each playing a crucial role in effectively managing events within the system. Here's a detailed explanation of each process step:






This status represents the initial phase when an event is first recorded in the triage system and has not yet undergone review or analysis.

Events in this status await assignment to a triage analyst or team for further evaluation.


In review

Events in this status have been assigned to a triage analyst or team and are actively being investigated and analyzed.

The assigned analyst or team reviews the event, conducts a thorough analysis, and gathers necessary information to assess its significance and potential impact.



Events in this status have been successfully addressed and resolved, indicating that no further actions are required.

Upon completion of the analysis and resolution of the event, the status is updated to reflect its resolved state. Based on the assessment, the event is converted to one or more Risk Events (see below).



Events in this status have undergone thorough analysis, and the results of the assessment are available for further evaluation and decision-making.

The event is considered closed after comprehensive analysis, and the findings are documented for future reference or action as necessary.

Although the process steps are numbered, it is not necessary to follow the order strictly. The states can be used interchangeably based on the specific needs and requirements of the event being triaged.

The Triage Process facilitates the systematic handling and management of events, ensuring they undergo thorough review and analysis to identify potential risks effectively. By adhering to the defined process steps, users can streamline the triage workflow and address events promptly and efficiently. If you have any further questions or require assistance, please do not hesitate to contact our support team for guidance.

3. From to Events to Risk Events

During the assessment process, an event undergoes a transformation into one or more risk events, a crucial step for comprehensive risk management. The creation of multiple risk events is contingent upon the assessment outcome, which may involve adding one or more threats, controls, and targets to the event. Each of these elements contributes to the identification and analysis of potential risks within the organization's operations.

The generation of multiple risk events serves a significant purpose, primarily for tracking and follow-up actions. By breaking down the event into distinct risk events, organizations can effectively monitor and manage each risk individually, ensuring that appropriate measures are implemented to mitigate potential threats.

Moreover, the configuration of impact settings for risks, controls, and entities plays a vital role in determining the severity and significance of each risk event. This impact, configurable based on the organization's risk management policies and priorities, provides valuable insights into the potential consequences and implications of the identified risks.

These risk events, complete with their assigned impact levels, are conveniently accessible through the Risk Event Viewer. Here, stakeholders can gain a comprehensive understanding of the identified risks, their associated impacts, and the necessary actions to address them effectively. This visibility enables proactive risk management and strategic decision-making, ultimately enhancing the organization's resilience and stability in the face of potential threats and uncertainties.

4. Get the Most Out of Event Triage

Triage is a dynamic feature designed to empower users in managing events and conducting assessments effectively. To fully harness its potential, it's crucial to explore and utilize its functionalities to gain valuable insights and make informed decisions. Here's a guide on how to maximize your experience with Triage:

  1. Introduction to Triage

    • Understand the purpose and significance of Triage within the organizational workflow.

    • Recognize Triage as a tool for streamlining event management and risk assessment processes.

  2. Overview and Triage Details

    • Navigate the Overview Triage page to access and manage events efficiently.

    • Explore the Triage Details screen for a comprehensive view of individual events and their associated details.

  3. Triage Assessment

    • Dive into the Triage Assessment process to enhance events and transform them into actionable risk events.

    • Learn how to identify threats, analyze controls, and review targets to refine events effectively.

  4. Triage Process

    • Gain insights into the various stages of the Triage Process and their significance in event management.

    • Navigate through different statuses to ensure timely handling and resolution of events.

  5. From event to Risk Events

    • Understand the process of converting events into risk events and the factors influencing this transformation.

    • Explore the significance of creating multiple risk events and the role of impact settings in determining risk severity.

By following these guidelines, you can optimize your usage of Triage and enhance your organization's risk management efforts. Remember, Triage is not just a feature—it's a strategic tool for identifying, analyzing, and addressing potential risks effectively. If you have any questions or need further assistance, our support team is always available to help you maximize the benefits of Triage for your organization's success.

5. Frequently Asked Questions (FAQs)

5. Frequently Asked Questions (FAQs)

Here are some commonly asked questions about the Triage feature along with their answers:

Q1: What is Triage, and how does it benefit my organization?

A1: Triage is a feature designed to streamline the process of managing events and conducting detailed assessments within your organization. It helps in identifying potential risks, analyzing controls, and refining events into actionable risk events, ultimately enhancing your organization's risk management efforts.

Q2: How can I access the Triage feature?

A2: Triage is typically accessible through the main navigation menu of our platform. Depending on your user role and permissions, you may need specific access rights to use the Triage feature.

Q3: Can I customize the Triage process to suit my organization's needs?

A3: Yes, the Triage feature can be customized to align with your organization's unique workflows and requirements. You can configure settings, statuses, and process steps according to your preferences to ensure seamless integration with your existing risk management practices.

6. Related pages

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.