Documentation - Case Manager i56 Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Assign an Incident to a Queue, Assignee, Priority, or Status
- Manually Add an Entity
- Manually Add an Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Case Manager i56 Release Notes
Case Manager i56 includes features that support customizing email notifications using templates and clearing playbook and action outputs in an incident's workbench.
What's New
Customize Your Case Manager Email Notifications
Use templates to customize email notifications about important Case Manager activity.
Previously, you couldn't customize the email notifications you received from Case Manager.
Now, you can create email notifications directly in Case Manager settings, and customize them using templates for each scenario you want to be notified about.
Exabeam Documentation: Create a Case Manager Email Notification
Exabeam Documentation: Create a Template for Case Manager Email Notifications
View Only the Latest Playbook and Action Outputs
Clean up your incident's workbench and clear existing playbook and action outputs
When you ran an action or playbook on a specific incident, the outputs accumulated in the incident's workbench, which cluttered the workbench with your entire history. It was difficult to identify the outputs of the latest playbook you just ran.
Now, you can clear all past playbook and action outputs in the workbench and the incident itself so it displays only the latest ones. In the incident's activity log, view who cleared the outputs and when.
Exabeam Documentation: Clear an Incident's Playbook and Action Outputs
Known Issues
SOAR-12695 | If you upgrade from Case Manager i53.5 or earlier, custom parsers don't work correctly and you can't ingest data from your incident feeds. Starting with parsers in i53.5, all hyphens, colons, or semicolons in incident type names were replaced with underscores. If your custom parser refers to a custom incident type with hyphens, colons, or semicolons, the Case Manager Parsing Engine can't parse logs for that incident type. To resolve this issue:
|
SOAR-12718 | When you manually run the Send Template Email action from an incident's workbench, you encounter a Failed to send email error because the action was incorrectly deprecated. To resolve this issue, use the Notify by Email action instead. |
Issues Fixed in Case Manager i56.5 (General Availability)
The i56.5 release does not include fixed issues for Case Manager. The following sections describe issues fixed in patch releases.
Issues Fixed in Case Manager i56.6
SOAR-12718 | When you manually ran the Send Template Email action from an incident's workbench, you encountered a Failed to send email error because the action was incorrectly deprecated. This issue has been resolved. Now, you can manually run the Send Template Email action from an incident's workbench. |
Issues Fixed in Case Manager i56.7
ACTN-3787 | You couldn't configure or use Email Ingest and received an error: Unable to reach Incident Response server. Related services and features are temporarily unavailable. Please refresh the application later to try again. The Email Ingest server ran out of memory because a health check executed too frequently. To resolve this issue, the health check was disabled. |
EXA-34694 | In rare cases, when an Advanced Analytics notable user session created a Case Manager incident, the Risk Reason incident field was empty. The Risk Reason incident field didn't account for risk transferred from a previous session. This issue has been resolved. |
Issues Fixed in Case Manager i56.8
SOAR-13138 | A critical vulnerability in software using Apache Log4j affected Elasticsearch in Case Manager. This vulnerability has been patched. Learn more about Exabeam's response to the vulnerability on the Exabeam Community. |
Issues Fixed in Case Manager i56.9
This release does not include fixed issues for Case Manager.
Issues Fixed in Case Manager i56.10
Issue ID | Description |
|---|---|
SOAR-12827 | Fixed an issue with custom roles where you could not view Case Manager Metrics even if you had the View Metrics permission. In addition, the View Metrics permission was duplicated under both Core and Analytics. If you had the Core View Metrics permission, you couldn't view Case Manager Metrics. Now, the View Metrics permission is under Analytics only. |
PLT-12642 | Fixed an issue where if you assigned incidents, you saw multiple values for the same person. In addition, if you logged in to Exabeam and varied the letter case of your username, like Barbara_salazar or barbara_Salazar, Exabeam created a different user for each variation. |
Issues Fixed in Case Manager i56.11
This release does not include fixed issues for Case Manager.