# AI SOC Applications

## Case Management (CASE)
Case management is used once a signal requires sustained investigation.

1\) Open case management

- Navigate to Application Records > Case Management.
- Open the case linked from a signal, or create a new case.

1a) Tabs

- Case Management: primary case details and analyst input
- Timeline: case activity history
- Audit: record changes and user actions
- Support: manual actions and support tools

2\) Core fields

- Case identity: Case Name, Case Summary, Classification
- Ownership and status: Current Owner, Status, Priority, Severity, Requires Attention
- For signals escalated to this case, Manual Verdict, Status, Priority, Severity, and Classification are edited here on the case record (they are read-only on the signal once escalated); changes sync to the linked signal.
- Timeline and history: Timeline, First Created, Last Updated, History
- Evidence: Evidence Files, After Action Report, Case Comments
- Lifecycle timing: Time Assigned, Time Blocked, Time Mitigated, Time Resolved

2a) Analyst input panel

- Document the current hypothesis in Case Summary.
- Use Case Comments to capture investigation notes.
- Add files in Evidence Files to keep artifacts with the case.

2b) Case management panels

- The Signal Triage and Reporting sections provide related context without leaving the case.

2c) Case workflow

- Document the current hypothesis in Case Summary.
- Track decisions and rationale in Case Comments.
- Attach Evidence Files as you collect artifacts.
- Update Status and Severity as findings evolve.

Analyst tips

- Use Case Summary to document the current hypothesis.
- Track key findings in Case Comments and attach Evidence Files.

Commonly used fields

- Case Name, Case Summary, Classification: identification
- Status, Severity, Priority, Requires Attention: tracking
- Current Owner and Timeline: accountability
- Evidence Files and After Action Report: documentation

Support tab actions

- Sync Case to Sig Records: update the linked signal records from the case.
- Claim Case: assign the case to yourself.

Detailed workflow

- Confirm the linked signal and add key context to Case Summary.
- Add or update Case Comments as the investigation progresses.
- Attach supporting Evidence Files, and update the After Action Report at closure.
- Use Status, Severity, and Requires Attention to track progress and risk.
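The escalation and sync rules above (triage fields become read-only on the signal once it is escalated, edits on the case propagate to the linked signal, every change is written to the case history and the signal timeline, and lifecycle timestamps follow status changes) are easy to get wrong when you script against or reimplement a case workflow. The model below is an added example written for this page, not the product's own code or API; the class and method names (`Signal`, `Case`, `escalate`, `update`, `claim`, `sync_to_signals`) and the sample analyst and record IDs are assumptions made for the illustration. It syncs on every case update; the product exposes the same operation as the manual Sync Case to Sig Records action, which `sync_to_signals` also models when called directly.

```python
"""Constructed model of case/signal escalation semantics (not the product's API)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Fields owned by the case once a signal is escalated: editable on the case,
# read-only on the signal, synced case -> signal. (Assumed set, per the page.)
CASE_OWNED_FIELDS = ("manual_verdict", "status", "priority", "severity", "classification")

# Status values that stamp a lifecycle timing field on the case (assumed mapping).
LIFECYCLE_STAMPS = {"blocked": "time_blocked", "mitigated": "time_mitigated", "resolved": "time_resolved"}


@dataclass
class Signal:
    signal_id: str
    status: str = "new"
    priority: str = "medium"
    severity: str = "medium"
    classification: str = ""
    manual_verdict: str = ""
    case_id: Optional[str] = None                 # set once escalated to a case
    timeline: List[Tuple[str, str]] = field(default_factory=list)

    def set_field(self, name: str, value: str, actor: str) -> None:
        """Direct edit on the signal; refused for case-owned fields after escalation."""
        if name in CASE_OWNED_FIELDS and self.case_id is not None:
            raise PermissionError(f"{name} is read-only on {self.signal_id}; edit case {self.case_id}")
        setattr(self, name, value)
        self.timeline.append((actor, f"{name} -> {value}"))


@dataclass
class Case:
    case_id: str
    case_name: str
    case_summary: str = ""
    classification: str = ""
    current_owner: Optional[str] = None
    status: str = "open"
    priority: str = "medium"
    severity: str = "medium"
    requires_attention: bool = False
    manual_verdict: str = ""
    comments: List[str] = field(default_factory=list)
    evidence_files: List[str] = field(default_factory=list)
    history: List[Tuple[str, str]] = field(default_factory=list)   # audit trail
    linked_signals: List[Signal] = field(default_factory=list)
    time_assigned: Optional[datetime] = None
    time_blocked: Optional[datetime] = None
    time_mitigated: Optional[datetime] = None
    time_resolved: Optional[datetime] = None

    def claim(self, actor: str) -> None:
        """Claim Case: assign to the acting analyst and stamp Time Assigned."""
        self.current_owner = actor
        self.time_assigned = datetime.now(timezone.utc)
        self._record(actor, "claimed case")

    def escalate(self, signal: Signal, actor: str) -> None:
        """Link a signal; from here on its triage fields are driven by the case."""
        signal.case_id = self.case_id
        self.linked_signals.append(signal)
        self._record(actor, f"escalated signal {signal.signal_id}")
        self.sync_to_signals(actor)

    def update(self, actor: str, **changes) -> None:
        """Edit case fields, audit each change, stamp lifecycle times, sync to signals."""
        for name, value in changes.items():
            if not hasattr(self, name):
                raise AttributeError(f"unknown case field {name!r}")
            setattr(self, name, value)
            self._record(actor, f"{name} -> {value}")
            if name == "status" and value in LIFECYCLE_STAMPS:
                setattr(self, LIFECYCLE_STAMPS[value], datetime.now(timezone.utc))
        self.sync_to_signals(actor)

    def sync_to_signals(self, actor: str) -> int:
        """Sync Case to Sig Records: push case-owned fields to every linked signal."""
        synced = 0
        for sig in self.linked_signals:
            for name in CASE_OWNED_FIELDS:
                value = getattr(self, name)
                if getattr(sig, name) != value:
                    setattr(sig, name, value)          # bypasses the read-only guard on purpose
                    sig.timeline.append((actor, f"synced {name}={value} from {self.case_id}"))
                    synced += 1
        return synced

    def _record(self, actor: str, change: str) -> None:
        self.history.append((actor, change))


def run_example() -> dict:
    """Walk one constructed investigation through the workflow and report the end state."""
    analyst = "analyst@example.com"                       # constructed actor
    sig = Signal("SIG-1001", severity="high")             # constructed signal
    sig.set_field("priority", "high", analyst)            # allowed: not yet escalated
    case = Case("CASE-42", "Suspicious OAuth consent grant", severity="high")
    case.claim(analyst)
    case.escalate(sig, analyst)                           # signal now follows the case
    case.update(analyst, status="in_progress", manual_verdict="true_positive", requires_attention=True)
    try:                                                  # direct edit on the signal is refused
        sig.set_field("status", "closed", analyst)
        locked = False
    except PermissionError:
        locked = True
    case.comments.append("Hypothesis: consent phishing via a rogue multi-tenant app")
    case.update(analyst, status="resolved")
    return {"signal_status": sig.status, "signal_verdict": sig.manual_verdict, "locked": locked,
            "history_len": len(case.history), "resolved": case.time_resolved is not None,
            "owner": case.current_owner}


if __name__ == "__main__":
    print(run_example())
```

Note that `escalate` immediately syncs: the signal's own priority of `high`, set before escalation, is overwritten by the case's `medium`. That is the behaviour the page describes (the case record is authoritative once a signal is escalated), so set Priority and Severity on the case, not the signal, before escalating if you want them preserved.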