Skip to main content
WISCONSIN STATEWIDE INTELLIGENCE CENTER (WSIC)
Suspicious Activity Reporting Form
Cyber Incident Reporting Form
Cyber Incident Reporting
Indicates required field
Submitter’s Contact Information
Telephone (###) ###-####
Organization or WSIC Partner #
Type of Organization
United States Federal Government
State, Local, Tribal, or Territorial (SLTT) Government (U.S.)
Critical Infrastructure Owner
Industry Sector (If Applicable)
Incident Start Date: mm/dd/yyyy
Incident Start Time
Incident Detected Date: mm/dd/yyyy
Incident Detected Time
Is the confidentiality, integrity, and/or availability of the organization’s information systems affected?
Please define the functional impact to the organization by selecting one of the following
High – Organization has lost the ability to provide all critical services to all system users.
Medium – Organization has lost the ability to provide a critical service to a subset of system users.
Low – Organization has experienced a loss of efficiency, but can still provide all critical services to all users with minimal effect on performance.
None – Organization as experienced no loss in ability to provide all services to all users.
What is number of systems impacted (if known)?
How many users are impacted (if known)?
What operating systems (OS) are impacted?
How was this incident detected?
By an Administrator
Intrusion Detection System
Log Review by an Analyst
By a User
What is the function of the system(s) affected? Please select all that apply
Domain Name Server(s)
Please enter the attacking Internet Protocol (IP) address(es)
Add another attacking Internet Protocol (IP) address(es), Port Protocol
Please paste network flow here (if available)
Please select at least one threat vector
Loss or Theft of Equipment
Cyber Incident Report Type
Suspicious Network Traffic
Information Impact to the Organization
Was the confidentiality of classified information compromised?
Was proprietary information such as protected critical infrastructure information (PCII), intellectual property, or a trade secret accessed or exfiltrated?
Was personally identifiable information (PII) such as taxpayer, employee, or beneficiary accessed or exfiltrated?
Was protected health information (PHI) such as medical history, test and laboratory results, insurance information accessed or exfiltrated?
Was sensitive or proprietary information modified or deleted?
Please select the organization’s recoverability for this incident
Supplemented – Time to recovery is predictable with additional resources.
Regular – Time to recovery is predictable with existing resources.
Extended – Time to recovery is unpredictable; additional resources and outside help are needed.
Not recoverable – Recovery from this incident is not possible (e.g., sensitive data exfiltrated and posted publicly).
Narrative of Events
Leave this field blank