Cases - Beta

Purpose

Cases are used to organize a set of alerts and assign them to a user for action. Cases also link comments and actions to a set of alerts.

What are Cases?

Cases serve as a central hub for managing and tracking security incidents from initial detection to final resolution. A case represents a single security incident that needs investigation and response. This could be anything from a suspected phishing email to a potential malware infection or a data exfiltration attempt.

Cases are a fundamental building block of your security orchestration, providing a structured and efficient way to manage the entire lifecycle of security incidents. They empower security teams to respond more effectively, consistently, and collaboratively, ultimately improving the organisation's overall security posture.

What permissions do I need?

To access this area and manage existing cases, you need the Case management permission. If you do not have this permission, you will not see the option in the Navigation pane (more info about permissions here).

Additionally, to check the triggered alerts associated with cases in the Triggered alerts area, you need at least the Triggered alerts (view) permission. Having the managed version of this permission will also allow you to associate more alerts with a case or disconnect them.
