Case Manager Terminology
Before you use Case Manager, understand the terms you see throughout the product and in Exabeam documentation.
- Artifact
An object you collect during your investigation; a piece of evidence. The default artifact types are file, IP address, log, and process.
- Entity
The principal object you investigate. It can be a person, an internal or external machine, or critical data like a file. The default entity types are file, device, and user.
- Incident
An unusual occurrence that indicates a threat to your organization; what a security analyst investigates. You can create an incident manually or automatically using Incident Responder.
- Incident field
An attribute of an incident, like its description or the time it was created.
- Incident type
The nature of an incident (e.g. malware, phishing attempt, data leakage, departed employee). Based on the incident type, Incident Responder displays certain incident fields and tasks.
- Queue
A group assigned to handle and investigate an incident.
- Queue member
Someone who has been added to a queue.