Alert and Case Management Features Introduced in 2023
November 2023
This release does not include new features for Alert and Case Management.
October 2023
The following features were introduced in Alert and Case Management in October 2023:
Feature | Description |
---|---|
Risk Score | You can now quickly determine the risk level of a detection, alert, or case with risk scores. Risk scores now determine the alert or case priority by default. Cases and alerts are now sorted by risk score, from highest to lowest, by default. |
New Default Alert and Case Management View | You can now get to your open cases more quickly. When you enter Alert and Case Management, the first thing you see is open cases created in the last week. |
Age Column | You can now see the time elapsed since the case or alert was created under the Age column. You can also use this column to sort cases and alerts by age. |
Case and Alert Attributes Editing Enhancements | You can now edit the name, description, MITRE TTPs, Exabeam use cases, and tags associated with a case or alert all at once. |
Deprecated Read/Unread Status | The ability to mark a case or alert as read or unread was removed. |
Deprecated Detection Editing | The ability to edit detection attributes was removed. You can now edit the MITRE TTPs, Exabeam use cases, and tags associated with an alert or case without editing their related detections. |
Deprecated Status Search | The ability to search for cases or alerts using the status field was removed. |
September 2023
This release does not include new features for Alert and Case Management.
August 2023
This release does not include new features for Alert and Case Management.
July 2023
The following features were introduced in Alert and Case Management in July 2023:
Feature | Description |
---|---|
Detections | A detection is a record of risky activity symptomatic of a threat. You can view detections and edit their attributes in the Threat Timeline. |
Threat Timeline | You can now understand the historical context of alerts and cases with the Threat Timeline. The Threat Timeline organizes related detections and key response moments into chronological order so you can visualize the scope of an investigation at a glance and quickly pinpoint detections and events to investigate. |
Deprecated Third-Party Alert Support | Events categorized as third-party alerts no longer automatically create Alert and Case Management alerts. To create Alert and Case Management alerts for third-party alerts, create a correlation rule. |
Deprecated Case and Alert Export | Alert and case export was temporarily removed and will return later this year. |
Deprecated Case Flagging | The ability to flag a case as an incident was removed. To indicate a case is an incident, use tags. |
June 2023
This release does not include new features for Alert and Case Management.
May 2023
This release does not include new features for Alert and Case Management.
April 2023
This release does not include new features for Alert and Case Management.
March 2023
The following features were introduced in Alert and Case Management in March 2023:
Feature | Description |
---|---|
Individual Alert and Case Export | You can now export an individual alert or case to a CSV file to archive or share Alert and Case Management data with third-party applications. |
Text Formatting | You can now add formatting, like styles, links, and code blocks, to alert and case descriptions and case notes to enhance your communication and better coordinate a complex incident response. |
February 2023
The following features were introduced in Alert and Case Management in February 2023:
Feature | Description |
---|---|
Alerts and Cases Export | You can now export alerts or cases to a CSV file to archive or share Alert and Case Management data with third-party applications. |
January 2023
The following features were introduced in Alert and Case Management in January 2023:
Feature | Description |
---|---|
File Attachments | You can now attach files relevant to your triage, investigation, and remediation efforts to an alert or case. |