- Get Started with Threat Center
- Group Detections
- Work on Cases
- Triage Alerts in Threat Center
- Edit and Collaborate in Threat Center
- Find Cases or Alerts
- Build a Search in Threat Center
- Enter a Search Using Exabeam Query Language in Threat Center
- Enter a Search Using Natural Language in Threat Center
- Run a Recent Search in Threat Center
- Create a New Saved Search in Threat Center
- Run a Saved Search in Threat Center
- Edit a Saved Search in Threat Center
- Delete a Saved Search in Threat Center
- Sort Cases or Alerts
- View Case and Alert Metrics
- Get Notified About Threat Center
View Case or Alert History
Find all changes made to a case or alert.
In a case or alert, navigate to History. View:
Timestamp – The date and time the change was made
User/Actor – Who or what made the change. Detection Grouping indicates a detection grouping rule made the change. Automation indicates an Automation Management playbook made the change.
Case Event – What change was made
Event Details – The details of the change
The case or alert records all changes, including when:
A case is created
Detection grouping rules add detections to a case or alert and how that changes the case or alert risk score
The case or alert attributes are edited
Someone reads, or in other words, opens, a case or alert
Someone adds, downloads, or removes an attachment in a case
Someone sends case or alert information to email or webhook.