Convert an Alert to a Case
Convert an alert to a case to start tracking your response to a threat and assign the case to the person responsible for responding.
When you convert an alert to a case, the case is associated with the alert; alert attributes and related detection attributes are copied to the case. To create a case that's not connected to an alert, manually create a case.
1. In an alert, click Convert to Case.
2. Enter information about the case:
   - (Optional) Stage – Select a case stage. If you select Closed, under Closed Reason, enter the reason why you're closing the case.
   - (Optional) Queue – Assign the case to the case queue responsible for responding.
   - (Optional) Assignee – Assign the case to the person responsible for responding.
   - Priority – Select the case's priority: low, medium, high, or critical.
3. Click Create. The case appears in the list under the Cases tab. When you select the associated alert, you are now automatically redirected to the case. This action is recorded in the case and alert history.