- Case Manager Release Notes
- Get Started with Case Manager
- Configure Case Manager Settings
- Investigate a Security Incident
- Manually Create an Incident
- Edit an Incident
- Delete an Incident
- Manually Add an Entity
- Manually Add an Artifact
- Delete an Entity or Artifact
- Add Advanced Analytics Evidence to a Case Manager Incident
- Manage Tasks During an Investigation
- Send Messages from an Incident
- Filter Incidents
- Search for an Incident
- Sort Incidents
- Export Incidents
Create a Custom Incident Filter
Filter incidents to find ones that fit a certain criteria. If you frequently use certain filter inputs to match a criteria, create a custom filter.
Next to the filter name, select the down arrow. The filter menu opens.
Select + Create New Filter. The existing filter inputs clear.
Give the new filter a unique name, then press Enter or Return on your keyboard.
Specify the filter inputs:
Queue – Assign the incident to queue.
Assignee – Assign the incident to a person.
Date – Specify the dates the incident started, ended, was received, or closed.
Incident Type – Select a type that best matches the security scenario.
Status – Indicate the current state of your investigation.
Priority – Indicate how urgent the incident is.
Entity – Enter the name of an entity.
Artifact – Enter the name of an artifact.
Keyword – Search for a word or phrase. You can only search incident names, fields, entity fields, and artifact names. You can't search file content.
Next to the filter name, click Save.