case_management:admin permissions. For more information about Case Management Permissions, navigate here.
System Settings
Observable Extraction Rules
IP addresses, URLs, usernames, file hashes, and hostnames are critical for understanding the context and potential impact of an alert. Extracted observables enable further enrichment, triage, and automated response actions.
Deduplication Rules
Close Case Reason Form
To add custom columns to any Case Management table, first locate the header of the desired table. Click the button next to the table’s tab to open the column options menu. From there, click the Add new column button to create and configure a new custom column.
Case Type
Status
You can customize the Case Status SLA by clicking the icon next to the colored block, then entering your preferred time period in minutes, hours, or days.
Response
Close Reason
Tags
Vendors
MITRE ATT&CK
Default values include
Alert Type
Response
Processed
Template Exists
Observable Type
Reputation
Response
Observables
Attachment Type
Response
Status
Response
Navigate to Case Management Settings
In the Case Management Settings, click the ‘Add new table’ button.
Name and Describe Your Table
Confirmation of Table Creation
Add Custom Columns
Click the button next to the Response tab, then click the ‘Add new column’ button.
Fill Out the Field Details
Text, Numbers, Users, and Time. Learn more about enforcing unique values here.
To manage a custom table, click the menu next to the table’s name. From this menu, you can: