Case Manager Terminology
Before you use Case Manager, learn the terms you see in the product and throughout the Exabeam documentation.
- Artifact
An object you collect during your investigation; a piece of evidence. The default artifact types are file, IP address, log, and process.
- Entity
The principal object you investigate. It can be a person, an internal or external machine, or critical data like a file. The default entity types are file, device, and user.
- Incident
An unusual occurrence that indicates a threat to your organization; what a security analyst investigates. You can create an incident manually or automatically using Incident Responder.
- Incident field
An attribute of an incident, like its description or the time it was created.
- Incident type
The nature of an incident (e.g. malware, phishing attempt, data leakage, departed employee). Based on the incident type, Incident Responder displays certain incident fields and tasks.
- Queue
A group assigned to handle and investigate an incident.
- Queue member
A security analyst who has been added to a queue.