In Threat Intelligence, you can create a case from artifacts (IoCs or observables). After the IoCs or observables have been used to create a case, you can use Security Case Management to analyze the data.
Before you begin
The Threat Intelligence plugin must be activated to use Security Case Management.
Role required: sn_ti.case_user_write
Procedure
Navigate to the artifacts (IoCs or observables) you want to use to create a case.
To create a case from IoCs, navigate to Threat Intelligence > IoC Repository > Indicators.
To create a case from observables, navigate to Threat Intelligence > IoC Repository > Observables.
In the list, select the artifacts you want added to a new case.
Note: If you select multiple IoCs or observables, they are all added to the case.
From the Actions on selected items drop-down list, select Add to Security Case.
The Add to Security Case dialog box opens. If you already have cases assigned to you, they are displayed in the list.
Click Create New Case.
Fill in the fields.
| Field | Description |
| --- | --- |
| Case Name | Enter a name for this case. |
| Description | Enter a description that would be of value to the case analyst. |
Click Submit.
A message at the top of the list indicates that a new case has been created, along with a link to the case in Security Case Management.