- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
PrevNext
Incident Rules
Assign, prioritize, and restrict new incidents with incident rules.
When Case Manager creates an incident, an incident rule evaluates it against one or many conditions that you define, then assigns it to a queue or priority, or restricts access to it. For example, you can create an incident rule that assigns an incident to a Tier 3 queue if an email's to field is [email protected].
Case Manager evaluates an incident against each rule in the list from top to bottom. Once the incident reaches the first rule for which it matches the conditions, Case Manager stops evaluating and ignores the remaining rules in the list.