Add to Case

  • Release version: Xanadu
  • Updated August 1, 2024
  • 1 minute to read

    • Add observables, indicators, or other objects to the case.

    Before you begin

    Role required: sn_sec_tisc.analyst

    Following is the procedure that shows how to add a case to an observable record.

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center > Threat Intel Library > Observables > All Observables.
    2. Select the observable(s).
    3. Click Add to Case button.
      This displays only the cases where the record is not already associated.

      Add to Case

    4. Verify if you want to add the record to the existing cases and if so select the exiting case otherwise click Create New Case.
      Create a new case by entering the following information.
      Table 1. Create New Case
      Field Description
      Case ID A unique identifier for the case. This is system generated ID.
      Short Description Summary of the request or issue that is being investigated or a short description.
      Case Type

      Select the type of case being investigated. The possible options for the investigation are:

      • Threat Hunting
      • Request for Information
      • Vulnerability Management Case
      • Compliance Case
      • Incident Response Case
      • Collaboration Case
      • Others
      Priority An assessment of the severity of the request or issue.
      Assignment Group The assigned group responsible for working on the case.
      Assigned to The Analyst who is responsible for working on a case.
    5. Click Create if you are creating a new case.
      Note:
      The new case is added to the existing case list.
    6. Select the newly added case(s).
    7. Click Add.
      An information message is displayed that the selected records are added to case(s) successfully.