Case ManagerManage Your Team

Table of Contents

Exabeam Tasks

Assign specific responsibilities and ensure everyone responds consistently using tasks.

A task is an action an analyst must complete when they investigate; for example, confirm incident is contained, capture volatile data from systems as evidence, determine root cause. Tasks are organized into phases of an investigation.

Phases and tasks ensure everyone across your organization responds to different security scenarios consistently. A manager builds a set of standard scenarios and creates processes for each one. When analysts investigate an incident, they follow this process, working on separate items in parallel so their efforts don't overlap.

Create a Task for a Phase or Incident Type

Create a task that always appears under a specific phase or incidents of a certain type.Incident Types

You can create a task just for one specific incident. To automatically create a task depending on the conditions of an incident, set up a playbook.Create a Playbook

  1. In the navigation bar, click the menu The menu icon in the navigation bar; three white lines on a green background., select Settings, then select Analytics.

  2. Under Case Management, select Incident Configuration.

  3. Select the Tasks & Phases tab.

  4. Click ADD A TASK.

  5. Enter information about the task:

    • Name – Enter a name for the task.

    • Instructions – Enter instructions, details, or other information about the task.

    • Phase – Select the phase that the task appears under.

    • (Optional) Incident type – Select the incident type that the task appears under.

    • Due date – If there is no due date, select None. If there is a due date, select how many days after the task is initiated.

    • (Optional) Required task – If the task is required, select this box.

  6. Click SAVE.

  7. Click PUBLISH.

Delete a Task for a Phase or Incident Type

Delete a task that appears under a phase or for all incidents of a certain type.Incident Types

  1. In the navigation bar, click the menu The menu icon in the navigation bar; three white lines on a green background., select Settings, then select Analytics.

  2. Under Case Management, select Incident Configuration.

  3. Select the Tasks & Phases tab.

  4. Hover over a task, then select the trash A grey trash can.. A warning appears.

  5. Click DELETE.

  6. Click PUBLISH. Your changes are reflected in new incidents. They don't apply to existing incidents, open or closed.

Create a Task for a Specific Incident

Create a task that only appears under a specific incident to ensure that your team doesn't miss something when they respond to it.

Under each phase, create tasks to ensure your team complete certain duties. Assign the tasks to specific people so they know exactly what they should do to work in parallel. After they complete the task, they mark it as done.

You can create a task that always appears under a phase or for all incidents of a specific type. To automatically create a task depending on the conditions of an incident, set up a playbook.Create a PlaybookCreate a Playbook

  1. In the navigation bar, click INCIDENTS, select an incident, then select the Tasks tab.

  2. In a phase, click ADD TASK

  3. Enter information about the task:

  4. Click SAVE.

Manage a Task in an Incident

View, reassign, change the due date, update the status, and add notes to any task, just for that specific incident.

  1. In the navigation bar, click INCIDENTS, select an incident, then select the Tasks tab.

  2. Select a phase to expand it and view associated tasks, assignee(s), and due date. Hover over the task to view further details.

  3. Edit the task:

    • To re-assign the task to another analyst, click the task assignee and select another analyst from the list.

    • To change the due date, click the task due date and select another date on the calendar. If a task is not closed before the due date, the due date appears in red text with a warning icon.

    • To view additional details or update the task status, select the task name. Review the due date, add notes about the conclusion, or mark the task as done.

    • To close a task, select the task name to view additional details, then click MARK AS DONE

      OR

      On the Task tab, select the checkbox.