Manually Create a Case
Create a case to start tracking your response to a threat and assign the case to the person responsible for responding.
You can also create a case automatically using Correlation Rules or Automation Management playbooks, or convert an alert to a case.
1. In the Cases tab, click + Create case.
2. Enter information about the case:
   - Name – Enter a case name.
   - Briefly explain this alert – Enter a case description. To better communicate your message, you can also format the text.
   - Stage – Select a case stage. If you select CLOSED, in Type a reason, enter why you're closing the case. To better communicate your message, you can also format the text.
   - Queue – Assign the case to the queue responsible for responding.
   - Assignee – Assign the case to the person responsible for responding.
   - Priority – Select the case priority: Low, Medium, High, or Critical. The case priority determines the case risk score:
     - Low – The case is assigned a risk score of 25.
     - Medium – The case is assigned a risk score of 50.
     - High – The case is assigned a risk score of 75.
     - Critical – The case is assigned a risk score of 100.
   - MITRE TTPs – Select the MITRE ATT&CK® techniques that best describe the case.[6]
   - Use Cases – Select the use cases that best describe the case.
   - Custom Tags – Select or create relevant tags.
3. Click Create Case.
[6] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.