Add security incident to TISC case

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Add security incidents to TISC case records.

    Before you begin

    Role required: sn_si.analyst, sn_sec_tisc.case_write

    Procedure

    1. Navigate to Workspaces > Security Incident Response Workspace > Security Incidents > All.
    2. Locate and open any specific security incident that you are investigating.
      This can also be done by searching for the incident ID or browsing from Quick Filters section or filtering through incident state.
    3. Click on More actions icon.
    4. Click Add to TISC Case action.
      Add to TISC Case dialog box displays and this only shows those TISC cases where the incident is not already associated.
    5. Select the case(s) from the Add to Case dialog box.
      Add to TISC Case Modal
      Note:
      Create a new TISC case if there no case records. For more information on how to create case(s), see Creating cases using Threat Analyst Workbench.
    6. Click Add.
    7. Click the Case record to view the case in TISC from the information message displayed or from the Activity stream.
      Note:
      To view the linked security incidents, click on the particular case record from the security incident Activity stream. By clicking on this will take you to the case record in TISC workspace and the security incidents will get added under Artifacts tab of the Case Management module.