The following options are available:
- Refresh
- Sort
- Filter
- Create Manual Case
- Simulate Case
Sort
Sort cases in the queue based on the following options:
- Descending order of case ID numbers
- Ascending order of case ID numbers
- Newest to oldest based on the time they were created
- Oldest to newest based on the time they were created
- Newest to oldest based on the time they were modified
- Oldest to newest based on the time they were modified
- Highest priority to the lowest priority
- Lowest priority to the highest priority
- Cases that took the longest SLA time to resolve, followed by those with the shortest SLA time
- Cases that took the shortest SLA time to resolve, followed by those with the longest SLA time
Apply Filter
Filters enable you to narrow your case search in the queue.
To apply a filter:
- Click the filter icon to specify filters.
- You can select several options from the following parameters: Analysts, Tags, Environments, Priorities, Stages. If you want to clear the filters, click the Reset button.
- Click Save.
Create Manual Case
You have the option to manually create a case. This can be useful in staging environments or for trial purposes.
- Click the plus icon and select Create Manual Case.
- In the first step of the wizard, specify the following Case Properties:
  - Case Title: Title for the new case.
  - Creation Reason: Type a reason for creating the case.
  - Environment: Select the specific environment being monitored.
  - Assigned To: Assign the case to a specific role/user.
  - Priority: Set the priority with which the case has to be handled.
  - Mark as Important: Use the toggle to mark the case as important or not important, as required.
- Click Next.
- In the Alert step of the wizard, specify the Alert information:
  - Alert Name: Type a name for the security alert.
  - Occurrence Time: Specify the date and time of the occurrence of the alert (using the calendar).
  - SLA: Specify a date and time within which the SOC team commits to resolve the alert in the case.
- Click Next when done.
- In the Entities step, select any required existing entities. You can also choose to add an entirely new identity with a corresponding identifier. You can mark the entity as suspicious, which displays it in red, and you can also mark it as part of the organization’s internal network.
- Click Next when done.
- In the Tags step, select any existing tags, create new tags, or leave blank, according to your needs.
- Click Next when done.
- In the Playbooks step, select any relevant playbooks to be attached to the alerts.
- Click Finish when done.
The new case now appears in the case queue with all the details displayed.
Simulate Case
You have the option to create a “ready-made” case by simulating a case populated with system default alerts. This can be useful, for example, when you want to test a new playbook on a case that includes existing alerts.
- Click the plus icon and select Simulate Cases.
- Select the requested simulated attacks or any use cases that you have downloaded from the Marketplace and click Create.
- Next, select the required environment (or no environment at all) and click Simulate. The new case will appear in the queue.