In Cenedril you handle a security incident by opening Documentation → Security incidents, clicking Report Incident, entering the title, type and affected protection goals, and then working the incident through the response stages in the detail view. You save each stage with Save & Continue, Cenedril guides you through the NIS-2 deadlines for reportable incidents, and at the end you turn the documentation into a record.
Report the incident
Open Security incidents
In the sidebar open Documentation and select Security incidents. The Information Security Incident Management page lists every incident with its status, severity and deadlines. The All Incidents, Active and Closed tabs filter the list.
Start a new incident
Click Report Incident in the top right. The Report Information Security Incident form opens, with the Incident Details, Classification and Timeline sections.
Describe the incident
Enter a short label under Title (for example “Ransomware discovered on file server”) and, under Description, what happened, how it was discovered, and which systems or data may be affected. Both fields are required.
Choose type and affected protection goals
Pick the matching category under Incident Type, such as Malware, Unauthorized Access, Data Loss, Phishing or Denial of Service. Under What was affected? tick the affected protection goals: Confidentiality, Integrity and Availability.
Record the timing and create
Under Discovered at, record when the incident was first detected. The Reported at field defaults to now and can be adjusted. Click Create Incident.
Result: the incident sits in the list with the status Reported, the notification contacts are informed, and you land in the detail view to continue working on it.
Work the incident through the stages
In the detail view a progress indicator shows the incident response stages Report, Triage, Investigation, Containment, Remediation and Closure. You work through them in order and save each one with Save & Continue.
Run the triage
In the Triage stage you confirm the Severity (Critical, High, Medium or Low) and set the Containment Status. Under the response team you assign the responsible people. If you rate the incident as Critical or High and your organization is subject to NIS-2, the Reporting obligation (NIS-2) assessment also appears.
Investigate the cause and link entries
In the Investigation stage you document the Root Cause Analysis and assign affected assets, a risk source and MITRE ATT&CK techniques. From the identified root cause you can create a vulnerability entry directly. You upload evidence such as screenshots or log exports here.
Document the containment
In the Containment stage you check off the containment measures you have taken. Before any external communication, the Check before external communication block confirms that the data protection officer, works council and legal counsel were involved. Measures that require a system change can be raised as a change request.
Complete the remediation
In the Remediation stage you document the measures that restore normal operation. Where a NIS-2 notification is required, you record the incident notification to the authority (72-hour deadline) with its reference number here.
Close the incident
Capture the lessons learned
In the Closure stage you document the Post-mortem analysis (what went well, what to improve, action items), the post-incident review you carried out, and preventive measures. You can optionally record the direct and indirect cost of the incident.
Close the incident and create the record
In the summary at the end of the stage, confirm that the report, triage, investigation, containment and remediation are fully documented. Then click Close Incident & Create Record.
Result: the incident takes the status Closed, the entire documentation is saved as a record, and the entry appears in the list under the Closed tab.