Create an Incident Rule
Create an incident rule to assign, prioritize, and restrict new incidents.
Case Manager evaluates an incident against each rule in the list from top to bottom. At the first rule whose conditions the incident matches, Case Manager stops evaluating and ignores the remaining rules in the list.
1. In the sidebar, click SETTINGS, then select Analytics.
2. Under Case Management, select Incident Rules.
3. Click Add new triage rules.
4. Enter information about the rule:
   - Rule Title – Give the incident rule a unique name.
   - Conditions – Assign a condition that evaluates the incident. To add more than one condition, click +ADD.
     The conditions are case sensitive. For example, if the "to" field is [email protected], the rule won't trigger if the "to" field is [email protected].
   - Assign to Queue – Assign the incident to a queue. Otherwise, assign the incident to the default Unassigned Queue.
   - Priority – Assign the incident to low, medium, high, or critical priority.
   - Restrict To – Restrict who can access, see, or search for this incident. You can restrict access to one person or a group. These are groups you named when you configured LDAP.
5. Click SAVE.
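The top-to-bottom, first-match evaluation and the case-sensitive conditions described above can be checked offline before rules are reordered. The following is an added example, not Case Manager code: the rule and incident dictionaries, the field names, and the sample address are constructed, and it assumes that multiple conditions on one rule must all match.

```python
# Added illustration: a simplified model of first-match, case-sensitive triage.
# The rule and incident dictionaries are hypothetical, not Case Manager's schema.

def matches(rule, incident):
    """True only if every condition equals the incident's value exactly (case matters)."""
    return all(incident.get(f) == v for f, v in rule["conditions"].items())

def triage(rules, incident):
    """Return the first rule, top to bottom, that matches; later rules are never checked."""
    for rule in rules:
        if matches(rule, incident):
            return rule
    return None  # no rule matched

def shadowed_rules(rules):
    """(later, earlier) title pairs where the later rule can never fire because an
    earlier rule's conditions are a subset of its own."""
    pairs = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier["conditions"].items() <= later["conditions"].items():
                pairs.append((later["title"], earlier["title"]))
                break
    return pairs

def case_near_misses(rules, incident):
    """Titles of rules that fail to match only because of letter case."""
    folded = {k: str(v).casefold() for k, v in incident.items()}
    return [r["title"] for r in rules
            if not matches(r, incident)
            and all(folded.get(f) == str(v).casefold() for f, v in r["conditions"].items())]

# Constructed sample rules: the broad rule sits above the specific one.
RULES = [
    {"title": "Phishing reports", "conditions": {"source": "email"},
     "queue": "Tier 1", "priority": "medium"},
    {"title": "Exec phishing", "conditions": {"source": "email", "to": "ceo@example.test"},
     "queue": "Tier 3", "priority": "critical"},
]

if __name__ == "__main__":
    incident = {"source": "email", "to": "ceo@example.test"}  # constructed
    print(triage(RULES, incident)["title"])       # broad rule wins, critical rule is skipped
    print(shadowed_rules(RULES))
    reordered = RULES[::-1]                       # specific rule first
    print(triage(reordered, incident)["title"])
    mixed = {"source": "email", "to": "CEO@example.test"}  # differs only in case
    print(triage(reordered, mixed)["title"], case_near_misses(reordered, mixed))
```

A non-empty result from `shadowed_rules` means a rule's queue, priority, and restriction settings are never applied, and a non-empty result from `case_near_misses` marks an incident that fell through to a lower rule only because of capitalization.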