Skip to main content

Case Management Settings

In your Case Management Settings, you can view all the details related to the different Case Management Table's columns and their field values, such as editing a Case's Status SLA or adding your own custom Alert Type for example.

The Case Management Settings is separated into General Settings and CM Table Settings

info

  • Please note that the Case Management Settings page will only be available to users who have the case_management:admin permissions. For more information about Case Management Permissions, click here.

  • The images below serve as examples of the general settings layout. Your general settings may differ slightly depending on how your case management settings and tables have been configured.

General Settings

System Settings- Closed Cases Comments

By default, closed cases are locked to ensure their forensic integrity. If you wish to add comments on closed cases, simply toggle the button to enable this feature.

Thumbnail

Close Case Reason Form

  • In the Close Case Reason tab, you can customize the case closure process by configuring the required inputs. Click the "Select Field" button and select an input field from the dropdown menu. You can make the selected field mandatory by checking the corresponding box.

  • The input fields available in the Select Field dropdown menu correspond to the columns in the Cases Table. To add new fields to the "Close Case Reason Form," you must first create and add a new column to the Cases Table.

note

  • Please note that the "Reason," "Attachments," and "Details" are mandatory input fields and cannot be removed from the Close Case Form.

  • The images below serve as examples of the general settings layout. Your general settings may differ slightly depending on how your case management settings and tables have been configured.

Thumbnail

Tables

Cases

In the Cases section of the Case Management Settings, you can manage various aspects of your Cases details:

  • In the Case Type tab, you can edit existing case types, delete them, or add custom case types.
Thumbnail
  • In the Status tab you can add your own custom active statuses or customize existing Case Statuses. You can also edit the Case Status SLA.
Thumbnail
  • In the Response tab, add new actions or modify existing ones.
Thumbnail

In the Close Reason tab, you can create your own custom reason for closing a case, modify an already existing reason or delete a close reason.

Thumbnail
  • In the Tags Tab, you can edit the already existing tags, delete tags or create new tags.
Thumbnail
  • In the Vendors Tab, you can edit the already existing vendors, delete vendors or add new vendors.
Thumbnail
  • In the MITRE ATT&CK Tab, you can edit the already existing MITRE ATT&CK types, delete or add new MITRE ATT&CK types.
Thumbnail
  • In the Vendors Tab, you can edit the already existing vendors, delete vendors or add new vendors.
Thumbnail
  • In the MITRE ATT&CK Tab, you can edit the already existing MITRE ATT&CK types, delete or add new MITRE ATT&CK types.
Thumbnail

Alert Settings

In the Alerts section of your Case Management Settings you can:

  • In the Alert Type tab, you can edit existing Alerts, delete them, or add custom Alerts.
Thumbnail
  • In the Response tab, add new actions or modify existing ones.
Thumbnail
  • In the Processed tab, you can rename "Processed Alerts" to a name of your choice and set a default value.
Thumbnail
  • In the Template Exists tab, you can rename "Template Exists" to a name of your choice and set a default value.

Alert Template Table

Thumbnail

Observable Settings

In the Observables section of your Case Management Settings you can:

  • In the Observables Type tab, you can edit existing Observables, delete them, or add custom Observables.
Thumbnail
  • In the Reputation tab, you can edit existing Reputation types, delete them, or add your own custom Reputation Type.
Thumbnail
  • In the Response tab, add new actions or modify existing ones.
Thumbnail

  • The Observables tab displays all the observables you have created.

    • You can rename an observable, add or update its default value, and mark the column as unique. Marking it as unique prevents duplicate values from being added to this column in the table.
    Thumbnail

Attachments Settings

In the Attachments section of your Case Management Settings you can:

  • In the Attachments Type tab, you can edit existing Attachments, delete them, or add custom Attachments.
Thumbnail
  • In the Response tab, add new actions or modify existing ones.
Thumbnail

Task Settings

In the Tasks section of your Case Management Settings you can:

  • In the Status tab you can add your own custom active statuses or customize the already existing Task Statuses.
Thumbnail
  • In the Response tab, you can add an actions or make changes to an already existing action.
Thumbnail

Custom Table Settings

  • If you have created a custom table, you’ll find it in the Custom section of the Case Management Settings. Here, you can add, edit, or delete the table’s fields.
Thumbnail
  • For any custom fields you’ve added to the Cases Table, Alerts Table, Observables Table, or the Attachment Table, you will see them as a separate tab on the Settings page. You can easily add, edit, or delete these custom fields.
Thumbnail