Investigate a Security Incident
Use Case Manager to investigate incidents. Edit incidents and add evidence as your investigation progresses. Complete tasks and follow a defined incident response plan. Communicate directly with stakeholders using case notes and email. Filter, search, and sort incidents to find a specific one.
Manually Create an Incident
If you need an incident immediately and it's not associated with an Advanced Analytics session, create one manually instead of ingesting incidents from a service as they cross a risk threshold or creating an incident from a Smart Timelines™ session summary.
Edit an Incident
Change an incident's details, and reassign the incident to a different person, priority, or status.
Manually Add an Entity
Add the primary objects you're investigating to the incident. You can create three types of entities: file, device, and user.
Manually Add an Artifact
Provide external evidence to your investigation. You can create five types of artifacts: file, IP, process, URL, or email address.
Add Advanced Analytics Evidence to a Case Manager Incident
If an Advanced Analytics-generated incident doesn't include all the entities or artifacts you need, add them to the incident directly from Advanced Analytics.
Manage Tasks During an Investigation
Follow a defined response plan using tasks. As you progress through your investigation, create tasks, reassign them, change their due dates, and close them.
Send Messages from an Incident
Send messages, collaborate, and track information right from within an incident.
Filter Incidents
Filter the list of incidents to find those that fit certain criteria. If you frequently use the same criteria, create your own custom filter.
Search for an Incident
Jump to a specific incident by keyword using the search bar.
Sort Incidents
Sort the list of incidents using the Sort By menu. Use this with filters and search to find the incident you need.
Export Incidents
To audit incidents, give details about incidents to people outside of your SOC, or archive and back up incident data to your local environment, export a list of incidents to a CSV file.