Cases
In the Cases Tab, you can find everything related to the Cases you have created.
The Cases table includes the following fields:
| Fields | Description |
|---|---|
| Severity | This is the severity rank of your Case. |
| Case ID | This is the case's ID number. |
| Name | The name of the Case. |
| Summary | A summary of the Case. |
| Case Type | The type of Case. |
| Tags | Tags given to the Case. |
| SLA | The SLA represents the time the Case will expire |
| Created At | Date and time the Case was created. |
| Case Manager | The person who manages the Case. |
| Mitre Attack | A MITRE ATTACK method or strategy used in the attack. This helps categorize and understand the attack better. For more information about the MITRE ATTACK feature , click here |
| Collaborators | Users who collaborate on the case |
| Status | Status of the Case. |
| Response | Case Management Response Actions. |
| Close Reason | The reason why the case was closed |
| Closed At | Date and time the Case was closed. |
You can also select multiple records in the table by selecting the checkboxes next the records. A floating bar will appear at the top of the screen with the options to change the status of multiple cases, export the selected records to CSV or to delete the selected records.
Response Field
The Response field enables you to add incident response workflows, customized for each table of the Case Management tables. The workflows associated with a table can be then activated by Case Management users.
- Select the
icon and an edit option will appear.
- A popup will appear with the option to Add Action.
- Proceed to select the Add Action option and give the new action a name, choose the desired Workflow, enable for types and then click the apply configuration button.
- You will have the choice to either add another action or save the one you just made.
- Once completed and saved, you can then trigger all the workflow actions within the dropdown menu for actions
Editing Case Status's
- You can customize your case's status by clicking on icon next top the Status field in the case table and selecting the edit option.
- You can edit your case's status by modifying the names, the color that represents the status and add your own active statuses.
- Lastly, you can modify the SLA for the maximum time a case can remain in the specific status.
- After you have made your desired changes click the Save button.
Case Settings
In the top-right corner, click on the three dots button 
and you will the presented with the Additional Information, the Export Case option, the Close Case option and the Delete Case option.
Additional Information
In the Additional Information section, you will find details related to the selected Case, including:
- The user who created the Case.
- The time the Case was created or last updated.
- The collaborators on the Case.
- The vendor associated with the Case.
- The MITRE Attack type.
- Observables linked to the Case.
- Other Cases connected to the Case.
- Tasks linked to the Case.
- Attachments associated with the Case.
- Alerts related to the Case.
- A checkbox indicating if the case was closed by a workflow.
Export Case
The Export Case option , will automatically download a ZIP file containing PDF files and CSV files all pertaining to the selected case.
Close Case
The Close Case option , opens a pop-up where you can:
- Modify the reason for closing the selected case.
- Manage attachments by adding attachments up to
500MBin size - Update or add details related to the reason for closing the case
Click the "Save" button to apply any changes made.
Please note, closed cases will be 'locked' meaning they cannot be edited unless the case is reopened (moved back to an active status).
Delete Case
The Delete Case option will delete the selected case.
