Case Detail View

The case detail view is your primary workspace for managing cases:

[Figure: Case Detail Interface. Screenshot showing the main case detail interface with all components.]

Key Areas

  1. Header: Case title, ID, and quick actions
  2. Details Panel: Core case properties and metadata
  3. Tabs: Access different case components
  4. Activity Timeline: Recent updates and changes

Case Components

1. Tasks

Tasks help track action items within a case:

  • Create and assign tasks
  • Set priorities and due dates
  • Track task completion
  • Add task notes and attachments

[Figure: Tasks Tab. Screenshot of the tasks management interface.]

2. Observables

Manage artifacts and indicators:

  • Add files, IPs, domains, and other observables
  • Automatic enrichment
  • Relationship visualization
  • Threat intelligence lookup

[Figure: Observables Tab. Screenshot showing observable management and analysis.]

3. TTPs (Tactics, Techniques, and Procedures)

Map case activities to known attack patterns:

  • MITRE ATT&CK® framework integration
  • Custom TTP definitions
  • Visual attack flow mapping
  • Related procedure documentation

[Figure: TTPs Tab. Screenshot of the TTP mapping interface.]

4. Timeline

Chronological view of case activities:

  • Automatic event tracking
  • Manual timeline entries
  • Filter and search capabilities
  • Evidence timeline reconstruction

[Figure: Timeline Tab. Screenshot showing the case timeline view.]

5. AI Insights

AI-powered analysis and recommendations:

  • Automated case analysis
  • Similar case detection
  • Recommendation engine
  • Pattern recognition

[Figure: AI Insights Tab. Screenshot of AI-powered insights and recommendations.]

Case Actions

Assignment and Collaboration

  • Assign cases to team members
  • Transfer ownership
  • Add collaborators
  • Team notifications

Linking and Relationships

  • Link related cases
  • Connect alerts
  • Establish observable relationships
  • Create case groups

Documentation

  • Add notes and comments
  • Attach files and evidence
  • Generate reports
  • Export case data

Case Merging

When multiple cases are related:

  1. Select cases to merge
  2. Choose primary case
  3. Review relationships
  4. Confirm merge action

Analysis Tools

1. Search and Filters

  • Full-text search
  • Advanced filtering
  • Saved searches
  • Custom views

2. Visualizations

  • Relationship graphs
  • Timeline views
  • Statistical analysis
  • Custom dashboards

3. Reporting

  • Case summaries
  • Status reports
  • Team metrics
  • Custom report templates

Best Practices

  1. Documentation: Keep detailed notes and updates
  2. Observables: Add context to all observables
  3. Tasks: Break down complex investigations
  4. Timeline: Document key findings and decisions
  5. Collaboration: Use comments for team communication

Keyboard Shortcuts

Common actions have keyboard shortcuts:

  • Ctrl/Cmd + S: Save changes
  • Ctrl/Cmd + E: Edit mode
  • Ctrl/Cmd + F: Search
  • Esc: Cancel/Close

Mobile Access

The case interface is responsive and supports:

  • Mobile viewing
  • Basic editing
  • Task management
  • Status updates

[Figure: Mobile Interface. Screenshot showing the mobile case interface.]

Integration Features

Cases integrate with:

  • Email notifications
  • Slack/Teams messages
  • Webhook triggers
  • External systems

For information about case workflows and status management, see Case Workflows.