Case Workflows
Case workflows define how cases progress through your organization’s incident response or investigation process. This guide explains how to work with and customize case workflows.
Case Status Stages
Cases can be in one of three main stages:
- New: Recently created cases requiring initial triage
- InProgress: Cases actively being worked on
- Closed: Resolved or completed cases
Figure: Case Status Flow. Diagram showing the progression of cases through different status stages.
Customizable Status Labels
Within each stage, organizations can create custom status labels:
- New Stage: Initial Triage, Pending Review, etc.
- InProgress Stage: Investigating, Waiting for Response, etc.
- Closed Stage: Resolved, False Positive, etc.
Status Properties
Each status has the following properties:
- Label: Display name for the status
- Color: Visual indicator for the status
- Stage: Associated workflow stage
- Can Delete: Whether the status can be removed
- Value: Unique identifier for the status
Figure: Status Management. Screenshot of the status management interface in settings.
Workflow Automation
Triggers
Workflows can be automated based on various triggers:
- CaseCreated: When a new case is created
- CaseUpdated: When case properties are modified
- CaseDeleted: When a case is removed
Actions
Automated actions can include:
- Status changes
- Assignment updates
- Notification generation
- Integration with external systems
- Custom script execution
Status Transitions
Manual Transitions
Users can manually change case status based on their permissions:
- From the case detail view
- Through bulk actions in the case list
- Via the API
Automated Transitions
Status can change automatically based on:
- Time-based rules
- Alert updates
- External system triggers
- Workflow automation rules
Permissions and Roles
Status management is controlled by user permissions:
- caseUpdate: Required to change case status
- caseCreate: Needed to set initial status
- caseDelete: Required for certain status transitions
Workflow Analytics
Track and analyze your case workflows:
- Time in each status
- Common transition patterns
- Bottlenecks and delays
- Team performance metrics
Figure: Workflow Analytics. Screenshot showing the workflow analytics dashboard.
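The metrics listed above (time in each status, transition patterns, bottlenecks) can be derived from a case's status history. The following is an added example, not code from the product or its documentation. The event layout, status values and case ids are constructed for illustration and are not the product's export schema; only the stage names and status labels come from this guide.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Stage names come from the guide; the status values and the event layout
# below are constructed for this example, not the product's export schema.
STAGE_OF = {
    "initial-triage": "New",
    "investigating": "InProgress",
    "waiting-for-response": "InProgress",
    "resolved": "Closed",
    "false-positive": "Closed",
}

# Constructed sample: (case id, ISO timestamp, status value entered)
EVENTS = [
    ("C-1", "2024-05-01T09:00:00", "initial-triage"),
    ("C-1", "2024-05-01T09:30:00", "investigating"),
    ("C-1", "2024-05-01T11:30:00", "waiting-for-response"),
    ("C-1", "2024-05-02T11:30:00", "investigating"),
    ("C-1", "2024-05-02T12:00:00", "resolved"),
    ("C-2", "2024-05-01T10:00:00", "initial-triage"),
    ("C-2", "2024-05-01T10:15:00", "false-positive"),
    ("C-3", "2024-05-01T08:00:00", "initial-triage"),
    ("C-3", "2024-05-01T14:00:00", "investigating"),
]

def analyze(events, now):
    """Return (seconds per status, transition counts, open case ids)."""
    by_case = defaultdict(list)
    for case_id, ts, status in events:
        if status not in STAGE_OF:
            raise ValueError(f"unknown status value: {status!r}")
        by_case[case_id].append((datetime.fromisoformat(ts), status))
    time_in = defaultdict(float)
    transitions = Counter()
    open_cases = []
    for case_id, hist in by_case.items():
        hist.sort()  # events may arrive out of order
        for (t0, s0), (t1, s1) in zip(hist, hist[1:]):
            time_in[s0] += (t1 - t0).total_seconds()
            transitions[(s0, s1)] += 1
        last_t, last_s = hist[-1]
        if STAGE_OF[last_s] != "Closed":  # still open: count time accrued so far
            time_in[last_s] += (now - last_t).total_seconds()
            open_cases.append(case_id)
    return dict(time_in), transitions, sorted(open_cases)

def bottleneck(time_in):
    return max(time_in, key=time_in.get)  # largest accumulated dwell time
```

Statuses in the Closed stage accumulate no dwell time here, so a case that is reopened would need its closed interval handled separately.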
Best Practices
- Status Clarity: Use clear, descriptive status names
- Color Coding: Choose distinct colors for different stages
- Automation: Automate routine status changes
- Metrics: Monitor time spent in each status
- Documentation: Maintain clear status transition guidelines
Configuration
Adding New Status
- Navigate to Case Status settings
- Click “Add Status”
- Configure properties:
  - Label
  - Stage
  - Color
  - Value
- Save changes
Modifying Workflows
- Access Workflow settings
- Create or edit workflow rules
- Define triggers and actions
- Test workflow automation
- Deploy changes
Integration
Workflow status can integrate with:
- External ticketing systems
- SIEM platforms
- Communication tools
- Custom applications
For more information on working with cases, see Working with Cases.