- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Configure Case Manager Settings
Ingest data, create rules to triage incidents, customize incidents, create or edit queues, and configure a proxy in Case Manager settings.
In the sidebar, click SETTINGS
. Depending on your permissions, select Core or Analytics.
If you have Core Manage Users and Context Sources permissions, you can access only Core settings.
If you have Advanced Analytics All Admin Ops permissions, you can access both Core and Analytics settings. In Analytics settings, you can configure and customize more settings than in Core settings.
Core Settings
In Core settings, view all settings under ALL APPS or click the INCIDENT RESPONDER tab to view Case Manager and Incident Responder settings.
Under SERVICE INTEGRATIONS, select Proxy to configure a proxy connection.
Under QUEUES, create, edit, and delete a queue.
Under INCIDENT INGESTION:
Select Incident Source to add sources that feed data into Case Manger.
Select Incident Feeds to specify which type of log to ingest from your incident source.
Select Email Ingest to configure email ingest.
Select 2-Way Email to configure an email account and start sending emails directly from an incident.
Analytics Settings
In Analytics settings, navigate to Case Management.
In Email Notification, configure email notifications about Case Manager activity, like when someone creates, changes, or comments on an incident, create templates for these email notifications, and create templates for emails sent using the Notify by Email Exabeam action.
In Incident Ingestion, add sources that feed data into Case Manager, specify which type of log to ingest from your incident source, configure email ingest, or configure an email to send emails directly from an incident.
In Incident Rules, create rules to automatically triage incidents after they're created. You can also edit and delete these rules.
In Incident Configuration, create incident types, incident fields, tasks, and phases.
In Queues, create, edit, or delete a queue.
In Proxy, configure a proxy connection.