About Cases
A case in Case Management refers to a structured record of an issue, request, or investigation that requires tracking, resolution, and collaboration. Cases typically contain relevant details such as the issue description, assigned users, status, priority, timestamps, and associated actions or documentation.
In Blink’s Case Management, a case represents a security event, incident, or investigation that is logged and managed through automated workflows and integrations with third-party security systems. Each case helps teams track progress, document findings, and ensure timely resolution.
Case Tables Runtime Limitations
Keep in mind that the xTables in Cases have the same runtime limitations as the tables in the workspace.
Create a New Case
Navigate to Cases
In your selected workspace, navigate to the sidebar and select the ‘Case’ tab.
Open the New Case Form
Navigate to the top-right corner and click the ‘New Case’ button.
Fill in all the necessary fields
Once completed, select the ‘Add Record’ button in the bottom-right corner.
Case's Table Fields
Parameter | Description |
---|---|
Name | The name of the Case. |
Severity | The severity rank of your Case. It can be: Low, Medium, High or Critical. |
Status | The Case’s status. |
Case Type | The type of case. |
Summary | A brief summary of the case. |
Case Manager | The email address of the user who created the case. |
Vendors | The vendor associated with the Case. |
Overview | An overview of the Case. |
SLA | The duration of time within which a task pertaining to the case must be completed before the SLA time period is reached. |
Tags | Tags linked to the case. |
Collaborators | Users who collaborate on the case. |
Mitre Attack | A MITRE ATT&CK method or strategy used in the attack. This helps categorize and understand the attack better. For more information about the MITRE ATT&CK feature, click here. |
Linked Alerts | The Name and ID of the Alert(s) you want to link to this current case. |
Linked Cases | The Name and ID of the Case(s) you want to link to this current case. |
Linked Tasks | The Name and ID of the Task(s) you want to link to this current case. |
Linked Observables | The Name and ID of the Observable(s) you want to link to this current case. |
Linked Attachments | The Name and ID of the Attachment(s) you want to link to this current case. |
Editing a Case’s Status
You can customize your case’s status by clicking the icon next to the Status field in the case table and selecting the edit option.
You can edit your case’s status by modifying the names, changing the color that represents each status, and adding your own active statuses.
Lastly, you can modify the SLA for the maximum time a case can remain in a specific status.
After you have made your desired changes, click the Save button.
Summary Widget
Above the case table, you will find the Summary Widgets, showing the total alerts ingested (line chart), the total number of alerts processed (line chart), the total number of cases opened by severity (donut chart), the total number of closed cases (donut chart), the total number of cases categorized by type (bar chart), and whether the SLA status was met or exceeded (donut chart).
Clickable Tags in the Linked Cases Columns
Clicking on the tags in the “Linked Cases” column in the selected Case Management table (such as the Cases Table, Observables Table, Alerts Table, or Attachments Table) will open its Case Overview in a new browser tab.