The Case Overview provides a comprehensive, centralized view of everything related to a case. From basic attributes like name, severity, and status to advanced metadata, linked entities, and a secure activity timeline—this interface is your go-to hub for managing and understanding the lifecycle of any case.

Each section within the Case Overview is designed to help you quickly access and update case information, collaborate with team members, and ensure critical context is never missed. Whether you’re assigning a case manager, reviewing linked alerts and observables, or generating AI-powered summaries, the overview enables efficient, informed decision-making at every stage.


Case Details

In the Case table, click on the Case you want to edit. The Case Overview will open, displaying all the details for that Case.

Case Name

The Case Name serves as the primary identifier for your case, making it easier to track and reference. You can either keep the default Case Name or customize it by double-clicking and entering a new name. A clear and descriptive case name ensures better organization and communication.

Severity Level

The Severity Level helps prioritize cases based on their urgency and impact. Choose the appropriate Severity level for your case by selecting from the available options: Low, Medium, High, or Critical. This classification ensures that high-priority cases receive immediate attention while lower-severity cases are handled accordingly.

Case Type

The Case Type categorizes your case, helping to streamline case management and reporting. Select a category from the predefined case types to classify the nature of the case. Proper categorization ensures that the case is handled by the appropriate team and follows the correct resolution process.

Case Tags

Case Tags allow you to add relevant keywords to your case for better filtering and searchability. Customize your case by attaching relevant tags. Simply check the boxes corresponding to your preferred tags. Using tags makes it easier to track and manage similar cases in the system.

Case Status

The Case Status indicates the current progress of the case. Choose from the available status options: Open, In Progress, Closed, or a custom status. Keeping the case status updated ensures transparency and helps teams manage case workflows efficiently.

Case Status SLA

The Case Status SLA defines the maximum time a case should remain in a specific status. Set a Status SLA by choosing a time duration in days, hours, or minutes. This helps in tracking time-sensitive cases and ensures they progress through the workflow within expected timelines.

Case Manager

The case manager is the individual responsible for overseeing and managing the case resolution process. Assigning a dedicated manager helps in accountability and efficient case handling.

When selecting a user in the ‘Case Manager’ field, the dropdown will now display:

Users in the workspace who have one of the following permissions:

  1. case_management:admin
  2. case_management:edit
  3. case_management:view
  4. case_management:restricted (only if the case is explicitly shared with them)

Or

All Groups available within the tenant.

This ensures that only users or groups with the appropriate level of access to case data can be assigned or selected as Case Managers.

Case SLA

The Case SLA (Service Level Agreement) defines the overall resolution time for a case. Set the SLA by selecting a time duration in days, hours, or minutes. This ensures that cases are resolved within the agreed timeframe and helps maintain operational efficiency.


Case Overview

The Summary Section

The Summary Section provides an AI-generated overview of the case, ensuring a quick and structured understanding of key details.

All customer case data is securely stored within the Blink platform, following the same security protocols as other operational data, including structured data (e.g., tables). These security measures apply uniformly across hybrid environments.

To generate case summaries, Blink leverages Google’s Vertex AI model. Google ensures, as per their terms of service, that any data inputted is not stored or used beyond the prompt.

Safe Use of AI

  • Case data for all customers is securely stored within the Blink platform, following the same protocols as other operational data, like tables. This process is uniformly applied to all hybrid customers. To create case summaries, we leverage Google’s Vertex AI model, with Google’s assurance, as outlined in their terms of service, that any data used in the prompt will not be saved or used.
  • It is important to note that Blink does not use customer data for AI training. We adhere to industry standards to ensure your data remains secure, never stored or utilized for these purposes.

The Notes Section

  • In the “Notes” section, you can add specific notes related to your case. This area allows you to personalize and format your text using the rich text options available in the notes editor. The notes section supports Markdown (md) syntax. Once you’ve made your changes, simply click “Save” to apply them.

  • You can also access only the notes section by clicking on the “Notes” tab, located next to the “Overview” tab.

Alerts Section

  • Underneath the Notes and Summary table, you can find all the alerts linked to the selected Case.

  • You can also access the alerts table, located next to the “Overview” tab.

Linked Observable

  • Underneath the Alerts table, you can find all the Observables linked to the selected Case.

  • You can also access the Observables table, located next to the “Alerts” tab.

Linked Cases

Clicking on a case row will open its overview. In the overview, you will find the linked cases section, which contains all the details of the cases that have already been linked.

To link or unlink more cases, click the “Link Cases” button in the top right corner. Then, check the boxes next to the cases you want to link, or uncheck the boxes next to the cases you want to unlink.

Tables

The Tables Section provides structured access to various case-related data, including observables, attachments, tasks, and linked cases.

To edit any item, double-click on the row, make changes, and click anywhere on the screen to save.


Timeline

  • The Timeline section provides a comprehensive history of the case, including its creation and any subsequent modifications and edits.

    • To streamline your search for specific case-related details, use the search bar or click the icon to narrow down information based on case details, case objects, users, or timeframes.

    • You can edit any comments already posted in the timeline by hovering over the comment, clicking the icon, making your desired changes, and clicking the button.

    Note: We ensure a secure and forensically reliable case timeline, with all edits comprehensively logged.

    • You can customize your comments by clicking on the text input field and selecting from various formatting options, including bold, italics, strikethrough, adding links and code formatting.

    • Use the @ symbol in the text input field to tag collaborating users. Type the username after the @ symbol to filter the list.

    • Use the forward slash (/) character in the text input field to trigger workflows on the case level or its linked entities (e.g., alerts, observables).

    • You can easily attach a file in two ways:

      1. Drag and drop the file directly into the text input field.
      2. Click on the text input field, then select the icon to browse and choose a file. Once attached, the file will be added to the timeline.

Case Overview Settings

The case overview’s settings provide additional options for managing a case, including viewing metadata, exporting case details, closing a case, and deleting it.

To access the case overview Settings, click the icon in the top-right corner of the case overview. This will present the following options:


Additional Information

The Additional Information section contains detailed metadata about the selected case, including its history, associations, and linked entities.

This section provides key insights, including:

  1. Case Creator: The user who initiated the case.
  2. Timestamps: When the case was created or last updated.
  3. Collaborators: Users assigned or involved in the case.
  4. Vendor Association: The vendor linked to the case (if applicable).
  5. MITRE ATT&CK Classification: The associated MITRE ATT&CK technique.
  6. Observables: Any linked observables for further analysis.
  7. Related Cases: Other cases connected to this one.
  8. Tasks: Any tasks assigned within the case.
  9. Attachments: Files uploaded to the case.
  10. Alerts: Security alerts linked to the case.
  11. Workflow Closure: A checkbox indicating whether the case was closed automatically via a workflow.

Export Case

The ‘Export Case’ feature allows users to download a structured dataset of the case, making it easy to share or archive case details.

  • Clicking ‘Export Case’ will generate a ZIP file containing:
    • PDF reports summarizing case details.
    • CSV files with structured case data for further analysis.
  • The exported files can be used for auditing, compliance, or reporting purposes.

Close Case

The Close Case option allows users to finalize and archive a case while preserving relevant details.

  • When closing a case, a pop-up appears, allowing users to:
    • Modify the reason for closing the case.
    • Attach additional files (up to 500MB) related to the case resolution.
    • Update or add closing notes with further context.
  • Clicking ‘Save’ finalizes the case closure.

Once a case is closed, it becomes locked and cannot be edited unless reopened (moved back to an active status).