In the Case Triage step, which occurs every five minutes by default, is designed to automate the response and triage process for cases. This phase can be fully customized to suit each customer’s specific tools and preferred workflows. Additionally, the Triage phase automatically closes stale cases, which are cases that have been open for more than 30 days.

”Main-Triage” Workflow

This workflow automates the triage process by first identifying cases that have been open for an extended period and then processing all active cases based on their type. The workflow consists of several steps that handle different actions for case management and triage.

Custom Use Case Example: “Triage Malware” Subflow

This Subflow processes an alert related to a malware incident, checking the status of the malware within the system (such as whether it has been deleted or quarantined). Depending on the outcome, the workflow will either update the severity of the case or automatically resolve it by closing the case.