- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Get to Know an Incident
Break down an incident into its components, and learn about the information and functionality available in an incident.
In CASE MANAGER, select an incident to view its information and take steps to review and manage it.
1Edit the incident; change its name, type, start and end time, restrict who can access the incident, and reassign the incident to a different priority, status, queue, or assignee.
2Delete the incident.
3 Create an entity or artifact.
4 Reassign the incident to a different priority, status, queue, or assignee.
5 Access the workbench to run actions and playbooks, and view the results.
6 View information about the incident. Some fields vary based on the type of incident and from where it was ingested. You can customize these fields and how they're organized in the incident.
7 View entities associated with the incident and manually add an entity.
8 View the results of actions and playbooks you've run on the incident.
9 View the tasks that must be completed for this incident.
10 View artifacts associated with the incident and manually add an artifact.
11Send messages, like case notes and emails, directly from the incident.
12 View the incident's history.