- Case Manager i56 Release Notes
- What's New
- Known Issues
- Issues Fixed in Case Manager i56.5 (General Availability)
- Issues Fixed in Case Manager i56.6
- Issues Fixed in Case Manager i56.7
- Issues Fixed in Case Manager i56.8
- Issues Fixed in Case Manager i56.9
- Issues Fixed in Case Manager i56.10
- Issues Fixed in Case Manager i56.11
- Issues Fixed in Case Manager i56.12
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Assign an Incident to a Queue, Assignee, Priority, or Status
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Incident Types
Standardize information, actions, and evidence for common security incidents using incident types.
An incident type is a category that represents a security scenario. It standardizes incident fields, phases, tasks, and playbooks, and ensures you have the information and tools you need to resolve an incident based on attack vector or case context.
For example: In your organization, a phishing campaign targets multiple users, and each user automatically triggers and creates an incident. Since all these incidents are of a specific type—phishing—you need a specific set of information, actions, and evidence to resolve them, like sender, recipient, or email subject. The Phishing incident type ensures those are all included in a phishing incident so you have everything you need to research and resolve it.
Generic Incident Type
The Generic incident type standardizes incident fields for every incident created, manually or automatically.
Case Manager automatically assigns the Generic incident type to every incident created, manually or automatically. You can't unassign the Generic incident type from an incident; every incident must be assigned the Generic incident type.
The Generic incident type comes with specific incident fields. You can't remove these incident fields from the incident type, add custom incident fields to the incident type, or otherwise customize the incident type's layout.
Create an Incident Type
Create an incident type to represent a common security scenario and standardize information, actions, and evidence.
In the navigation bar, click the menu
, select Settings, then select Analytics.Under Case Management, select Incident Configuration.
In the Types tab, click ADD TYPE.
In the CREATE INCIDENT TYPE menu, enter a name and description for the incident type.
Click SAVE. The new incident type appears in the list of incident types with a Custom status.
For your new incident type, create custom incident fields or design a custom layout.
Delete an Incident Type
When you delete an incident type you created, you can no longer apply the type to any incidents. You won't delete an existing incident that was assigned the type or any of its data.
In the navigation bar, click the menu
, select Settings, then select Analytics.Under Case Management, select Incident Configuration.
In the TYPES tab, hover over an incident type, select the More
menu, then select Delete.A warning appears. Click DELETE.