Case ManagerGet Started With Case Manager

Table of Contents

Case Manager Terminology

Before you use Case Manager, know what things mean. Define terms you see in the product and throughout the Exabeam documentation.

Artifact

An object you collect during your investigation; a piece of evidence. The default artifact types are file, IP address, log, and process.

Entity

The principal object you investigate. It can be a person, an internal or external machine, or critical data like a file. The default entity types are file, device, and user.

Incident

An unusual occurrence that indicates a threat to your organization; what a security analyst investigates. You can create an incident manually or automatically using Incident Responder.

Incident field

An attribute of an incident, like its description or the time it was created.

Incident type

The nature of an incident (e.g. malware, phishing attempt, data leakage, departed employee). Based on the incident type, Incident Responder displays certain incident fields and tasks.

Queue

A group assigned to handle and investigate an incident.

Queue member

A security analyst who has been added to a queue.