- Get Started with Threat Center
- Group Detections
- Work on Cases
- Triage Alerts in Threat Center
- Edit and Collaborate in Threat Center
- Find Cases or Alerts
- Build a Search in Threat Center
- Enter a Search Using Exabeam Query Language in Threat Center
- Enter a Search Using Natural Language in Threat Center
- Run a Recent Search in Threat Center
- Create a New Saved Search in Threat Center
- Run a Saved Search in Threat Center
- Edit a Saved Search in Threat Center
- Delete a Saved Search in Threat Center
- Sort Cases or Alerts
- View Case and Alert Metrics
- Get Notified About Threat Center
Case Queues
Assign cases to groups of users and share your workload with Threat Center case queues.
A case queue is a designated group responsible for responding to a case. You assign a case to a queue.
When you assign a case to a queue, you can only assign the case to an assignee who is a queue member. If you assign a case to a queue and the current assignee is not a queue member, the assignee is changed to Unassigned.
To find cases assigned to your queue, search for cases assigned to your queue.
To manage queues, you must have the read, write, and delete permission for Threat Center cases. Navigate to Settings > Customizations > Manage Queues. View information about your queues, including:
Queue Name – The name of the queue.
Users – The number of users assigned to the queue.
Updated On – The date and time the queue was last edited.
There are three pre-built queues: Tier 1, Tier 2, and Tier 3. By default, there are no users assigned to the pre-built queues. To start using a pre-built queue, edit the queue and assign users to it. You can't delete pre-built queues.
You can also create your own queues. After you create a queue, you can edit or delete it.