Skip to main content

Cloud-delivered Case ManagerCase Manager Documentation

Table of Contents

Investigate a Security Incident

Use Case Manager to investigate incidents. Edit incidents and add evidence as your investigation progresses. Complete tasks and follow a defined incident response plan. Communicate directly with stakeholders using case notes and email. Filter, search, and sort incidents to find a specific one.

  • Manually Create an IncidentManually Create an Incident

    Instead of ingesting incidents from a service as they cross a risk threshold or creating an incident from a Smart Timelines™ session summary, manually create an incident if you need one immediately and it's not associated with an Advanced Analytics session.

  • Edit an IncidentEdit an Incident

    Change an incident's details, and reassign the incident to a different person, priority, or status.

  • Manually Add an EntityManually Add an Entity

    Add the primary objects you're investigating to the incident. You can create three types of entities: file, device, and user.

  • Manually Add an ArtifactManually Add an Artifact

    Provide external evidence to your investigation. You can create five types of artifacts: file, IP, process, URL, or email address.

  • Add Advanced Analytics Evidence to a Case Manager Incident

    If an Advanced Analytics-generated incident doesn't include all the entities or artifacts you need, add them to the incident directly from Advanced Analytics.

  • Manage Tasks During an Investigation

    Follow a defined response plan using tasks. As you progress through your investigation, create, re-assign, change due dates, and close tasks.

  • Send Messages from an Incident

    Send messages, collaborate, and track information right from within an incident.

  • Filter IncidentsFilter Incidents

    Filter the list of incidents to find those that fit a certain criteria. If you frequently use certain criteria, create your own custom filter.

  • Search for an IncidentSearch for an Incident

    Jump to a specific incident based on keyword using the search bar.

  • Sort Incidents

    Sort the list of incidents using the Sort By menu. Use this with filters and search to find the incident you need.

  • Export IncidentsExport Incidents

    To audit incidents, give details about incidents to people outside of your SOC, or archive and back up incident data to your local environment, export a list of incidents to a CSV file.