Create a case from affected users

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • You can create a security case from affected users in the User [sys_user] table. After the affected users have been used to create a new case, you can use Security Case Management to analyze the data.

    Before you begin

    The Threat Intelligence plugin must be activated to use Security Case Management.

    Role required: sn_ti.case_user_write

    About this task

    You need to navigate to the users you want to use to create a case.

    Procedure

    1. Navigate to All > User Administration > Users.
      The list for the selected users opens. From the list, you can create a new case from one or more user records, or you can select a specific user record and create a new case from the form.
    2. From the list, select the users you want added to a new case.
    3. From the Actions on selected items drop-down list, select Add to Security Case.
      Add a user to a new case
      The Add to Security Case dialog box opens. If you already have cases assigned to you, they display in the list.
      Add a user to a new case
    4. Click Create New Case.
    5. Fill in the fields.
      Field Description
      Case Name Enter a name for this case.
      Description Enter a description that would be of value to the case analyst.
    6. Click Submit.
      A message at the top of the list indicates that a new case has been created, along with a link to the case in Security Case Management.
    7. Click the link to view the new case.