You can sort the cases in the queue in any of the following orders:
- Descending order of case ID numbers
- Ascending order of case ID numbers
- Newest to oldest based on the time they were created
- Oldest to newest based on the time they were created
- Newest to oldest based on the time they were modified
- Oldest to newest based on the time they were modified
- Highest priority to the lowest priority
- Lowest priority to the highest priority
- Longest to shortest time taken to resolve the case (SLA time)
- Shortest to longest time taken to resolve the case (SLA time)
Filters enable you to narrow your case search in the queue.
To apply a filter:
- Click the filter icon to specify filters.
- Select one or more values for any of the following parameters: Analysts, Tags, Environments, Priorities, Stages. To clear all filters, click Reset.
- Click Save.
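As an added example (not part of this documentation and not the product's own code), the following Python models the queue sort orders and the filter parameters listed above over a few constructed cases. The Case fields, the priority ranking, the way SLA time is measured for a case that is still open, and the filter semantics (values selected within one parameter are OR-ed, different parameters are AND-ed, an empty selection means no restriction) are all assumptions made for illustration.

```python
"""Case-queue sorting and filtering modelled on the options above.
Added example: the Case fields, priority ranking and filter semantics are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed priority ladder: a higher number means a more urgent case.
PRIORITY_RANK = {"Informative": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}


@dataclass(frozen=True)
class Case:
    case_id: int
    created: datetime
    modified: datetime
    priority: str
    analyst: str
    tags: tuple
    environment: str
    stage: str
    closed: Optional[datetime] = None  # None while the case is still open


def sla_time(case: Case, now: datetime) -> timedelta:
    """Time spent resolving the case: creation to closure, or creation to `now`
    for a case that is still open (assumption, so open cases keep accruing time)."""
    return (case.closed or now) - case.created


# Each queue sort option maps to (key function, reverse flag).
SORT_ORDERS = {
    "id_desc": (lambda c, now: c.case_id, True),
    "id_asc": (lambda c, now: c.case_id, False),
    "created_newest": (lambda c, now: c.created, True),
    "created_oldest": (lambda c, now: c.created, False),
    "modified_newest": (lambda c, now: c.modified, True),
    "modified_oldest": (lambda c, now: c.modified, False),
    "priority_high": (lambda c, now: PRIORITY_RANK[c.priority], True),
    "priority_low": (lambda c, now: PRIORITY_RANK[c.priority], False),
    "sla_longest": (lambda c, now: sla_time(c, now), True),
    "sla_shortest": (lambda c, now: sla_time(c, now), False),
}


def sort_cases(cases, order: str, now: datetime):
    key, reverse = SORT_ORDERS[order]
    # Secondary key on case_id keeps the result deterministic when primary keys tie.
    return sorted(cases, key=lambda c: (key(c, now), c.case_id), reverse=reverse)


def filter_cases(cases, analysts=None, tags=None, environments=None, priorities=None, stages=None):
    """Assumed semantics: values within one parameter are OR-ed, parameters are AND-ed,
    and None/empty for a parameter means 'no restriction' (the state after Reset)."""
    def keep(c: Case) -> bool:
        return ((not analysts or c.analyst in analysts)
                and (not tags or bool(set(tags) & set(c.tags)))
                and (not environments or c.environment in environments)
                and (not priorities or c.priority in priorities)
                and (not stages or c.stage in stages))
    return [c for c in cases if keep(c)]


# Constructed sample data (not real cases).
T0 = datetime(2024, 1, 1, 9, 0)
SAMPLE_CASES = [
    Case(101, T0, T0 + timedelta(hours=5), "High", "alice", ("phishing",),
         "Prod", "Incident", closed=T0 + timedelta(hours=6)),
    Case(102, T0 + timedelta(hours=1), T0 + timedelta(hours=2), "Low", "bob",
         ("malware", "phishing"), "Staging", "Triage"),
    Case(103, T0 + timedelta(hours=2), T0 + timedelta(hours=3), "Critical", "alice",
         ("malware",), "Prod", "Triage", closed=T0 + timedelta(hours=3)),
    Case(104, T0 + timedelta(hours=3), T0 + timedelta(hours=4), "Medium", "carol",
         (), "Prod", "Assessment"),
]
NOW = T0 + timedelta(hours=10)


def queue_ids(order: str, now: datetime = NOW, **filters):
    """Apply the filters, then the sort order, and return the case IDs in queue order."""
    return [c.case_id for c in sort_cases(filter_cases(SAMPLE_CASES, **filters), order, now)]


if __name__ == "__main__":
    print("priority_high:", queue_ids("priority_high"))
    print("sla_longest:", queue_ids("sla_longest"))
    print("alice's cases by id:", queue_ids("id_asc", analysts=["alice"]))
```

Note that the two open cases (102 and 104) rank at the top of `sla_longest` because their SLA clock is still running; if your queue should only compare closed cases, filter on `closed is not None` before sorting.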
Create Manual Case
You have the option to manually create a case. This can be useful in staging environments or for trial purposes.
- Click the plus icon and select Create Manual Case.
- In Case Properties, specify the following:
- Case Title: Title for the new case.
- Case Creation Reason: Type a reason for creating the case.
- Environment: Select the specific environment being monitored. The default is No Environment.
- Assigned To: Assign the case to a specific role/user.
- Priority: Set the priority that determines how urgently the case should be handled.
- Mark as Important: Toggle to mark the case as important or not important, as required.
- Alert Name: Type a name for the security alert.
- Occurrence Time: Specify the date and time of the occurrence of the alert (using the calendar).
- SLA: Specify a date and time within which the SOC team commits to resolve the alert in the case.
- Click Next when done.
- In the Tags and Playbooks screen, select the required tags and playbooks and add them to the right column. You can also create a new tag in this dialog box if needed.
- Click Next when done.
- In the Entities screen, select any required existing entities and add them to the right column.
- If required, you can add an entirely new entity with a corresponding identifier. You can mark the entity as suspicious, which displays it in red, and you can mark it as part of the organization's internal network. Make sure to Add the entity to the right column after defining it.
- Click Create.
The new case now appears in the case queue with all the details displayed.
You can also create a "ready-made" case by simulating a case populated with system default alerts. This is useful, for example, when you want to test a new playbook against a case that already contains alerts.
- Click the plus icon and select Simulate Cases.
- Select the simulated attacks you want, or any use cases that you have downloaded from the Marketplace, and click Create.
- Next, select the required environment (or no environment at all) and click Simulate. The new case will appear in the queue.