Cloud-delivered Case ManagerCase Manager Documentation

Manually Create an IncidentManually Create an Incident

Instead of ingesting incidents from a service as they cross a risk threshold or creating an incident from a Smart Timelines™ session summary, manually create an incident if you need one immediately and it's not associated with an Advanced Analytics session.

Edit an IncidentEdit an Incident

Change an incident's details, and reassign the incident to a different person, priority, or status.

Manually Add an EntityManually Add an Entity

Add the primary objects you're investigating to the incident. You can create three types of entities: file, device, and user.

Manually Add an ArtifactManually Add an Artifact

Provide external evidence to your investigation. You can create five types of artifacts: file, IP, process, URL, or email address.

Add Advanced Analytics Evidence to a Case Manager Incident

If an Advanced Analytics-generated incident doesn't include all the entities or artifacts you need, add them to the incident directly from Advanced Analytics.

Manage Tasks During an Investigation

Follow a defined response plan using tasks. As you progress through your investigation, create, re-assign, change due dates, and close tasks.

Send Messages from an Incident

Send messages, collaborate, and track information right from within an incident.

Filter IncidentsFilter Incidents

Filter the list of incidents to find those that fit a certain criteria. If you frequently use certain criteria, create your own custom filter.

Search for an IncidentSearch for an Incident

Jump to a specific incident based on keyword using the search bar.

Sort Incidents

Sort the list of incidents using the Sort By menu. Use this with filters and search to find the incident you need.

Export IncidentsExport Incidents

To audit incidents, give details about incidents to people outside of your SOC, or archive and back up incident data to your local environment, export a list of incidents to a CSV file.