Case Management

​

Overview

​

Key Features

• Case Lifecycle Management: Track cases from creation to resolution
• Customizable Status Workflows: Configure case statuses to match your organization’s processes
• Team Collaboration: Assign cases to team members and track their progress
• Rich Metadata: Track severity, TLP (Traffic Light Protocol), and PAP (Permissible Actions Protocol)
• Tagging System: Organize cases with customizable tags
• Integration with Alerts: Link related alerts to cases
• AI Insights: Automated analysis and insights for cases (when enabled)
• Audit Trail: Complete timeline of case activities and changes

​

Case Properties

​

Core Properties

• Case ID: Unique identifier (auto-generated)
• Title: Descriptive name of the case
• Description: Detailed information about the case
• Status: Current state in the workflow (New, InProgress, Closed)
• Severity: Impact level (1-5)
• TLP: Traffic Light Protocol classification
• PAP: Permissible Actions Protocol level
• Tags: Custom labels for categorization
• Custom Fields: Organization-specific additional data

​

Metadata

• Created By: User who created the case
• Created At: Timestamp of case creation
• Updated At: Last modification timestamp
• Assigned To: Team member responsible for the case
• Organizations: Associated organizations (for multi-tenant setups)

​

Related Components

• Alerts: Security alerts that triggered or are related to the case
• Observables: Artifacts and indicators associated with the case
• Tasks: Action items and to-dos within the case
• TTPs: Tactics, Techniques, and Procedures identified in the case
• Timeline: Chronological record of case activities
• AI Insights: AI-powered analysis and recommendations (if enabled)

​

Next Sections

• Creating Cases
• Case Workflows
• Working with Cases
• Case Settings
• AI Features