• Please note that the Case Management Settings page will only be available to users who have the case_management:admin permissions. For more information about Case Management Permissions, click here.

  • The images below serve as examples of the general settings layout. Your general settings may differ slightly depending on how your case management settings and tables have been configured.

System Settings- Closed Cases Comments

By default, closed cases are locked to ensure their forensic integrity. However, if you would like to add comments to closed cases, toggle the button to enable this setting.

Close Case Reason Form

  • In the Close Case Reason tab, you can customize the case closure process by configuring the required inputs. Click the “Select Field” button and select an input field from the dropdown menu. You can make the selected field mandatory by checking the corresponding box.

  • The input fields available in the Select Field dropdown menu correspond to the columns in the Cases Table. To add new fields to the “Close Case Reason Form,” you must first create and add a new column to the Cases Table.

Tables

To add custom columns to any Case Management table, first locate the header of the desired table. Click the button next to the table’s tab to open the column options menu. From there, click the Add new column button to create and configure a new custom column.

Cases

In the Cases section of the Case Management Settings, you can manage various aspects of your Cases details:

  • In the Case Type tab, you can edit existing case types, delete them, or add custom case types.
  • In the Status tab you can add your own custom active statuses or customize existing Case Statuses.

You can customize the Case Status SLA by clicking the icon next to the colored block, then entering your preferred time period in minutes, hours or days

  • In the Response tab, add new actions or modify existing ones.

In the Close Reason tab, you can create your own custom reason for closing a case, modify an already existing reason or delete a close reason.

  • In the Tags Tab, you can edit the already existing tags, delete tags or create new tags.
  • In the Vendors Tab, you can edit the already existing vendors, delete vendors or add new vendors.
  • In the MITRE ATT&CK Tab, you can edit the already existing MITRE ATT&CK types, delete or add new MITRE ATT&CK types.

Alert Settings

In the Alerts section of your Case Management Settings you can:

  • In the Alert Type tab, you can edit existing Alerts, delete them, or add custom Alerts.
  • In the Response tab, add new actions or modify existing ones.

In the Processed tab, you can rename “Processed Alerts” to a name of your choice and set a default value.

In the Template Exists tab, you can rename “Template Exists” to a name of your choice and set a default value.

Alert Template Table

Observable Settings

In the Observables section of your Case Management Settings you can:

  • In the Observables Type tab, you can edit existing Observables, delete them, or add custom Observables.
  • In the Reputation tab, you can edit existing Reputation types, delete them, or add your own custom Reputation Type.
  • In the Response tab, add new actions or modify existing ones.

  • The Observables tab displays all the observables you have created.

    • You can rename an observable, add or update its default value, and mark the column as unique. Marking it as unique prevents duplicate values from being added to this column in the table.

Attachments Settings

In the Attachments section of your Case Management Settings you can:

  • In the Attachments Type tab, you can edit existing Attachments, delete them, or add custom Attachments.
  • In the Response tab, add new actions or modify existing ones.

Task Settings

In the Tasks section of your Case Management Settings you can:

  • In the Status tab you can add your own custom active statuses or customize the already existing Task Statuses.
  • In the Response tab, you can add an actions or make changes to an already existing action.

Custom Table Settings

Custom Tables let you create flexible, user-defined tables within a case—tailored entirely to your specific needs. You can design the table structure, choose the fields you want, and control how and when the table appears, making it easy to manage case-related data in a way that fits your workflow.

Create a Custom Table

1

Navigate to Case Management Settings

In the Case Management Settings, click the ’ Add new table’ button.

2

Name and Describe Your Table

Give your table a name and optionally add a description. When you’re ready, click Create Table.

3

Confirmation of Table Creation

A popup will confirm that your custom table has been successfully created. The new table will now appear under the ‘Tables’ section of the Case Management Settings

The custom table you create will appear in the Case Management interface alongside the built-in tables—such as Cases, Alerts, Observables, Attachments, and Tasks.
4

Add Custom Columns

Click the next to the response header and click the ’ Add new column’ button.

5

Fill Out the Field Details

  • Field Name – Enter a name for the field.
  • Input Type – Select the type of input this field will accept (e.g., Text, Number, Time, etc.).
  • Advanced Settings: Default Value – Optionally set a default value to be used when no value is provided by the user. Leave it blank if you don’t want a default.
  • Advanced Settings: Unique Value – Enable this to ensure that all entries in this column are unique within the table. This prevents duplicates for the selected field.

The Unique Value setting is only available for the following input types: Text, Numbers, Users, and Time. Learn more about enforcing unique values here.

Manage Custom Tables

To manage a custom table, click the menu next to the table’s name. From this menu, you can:

  • Edit the table’s name, fields, or configuration
  • Copy Schema to duplicate the structure for use elsewhere
  • Copy Table ID for referencing the table programmatically
  • Delete the table if it’s no longer needed