This feature allows you to customize the cases list view, by applying the specific filters you can view only what is required.
- On the left navigation bar, Click the Cases icon to view the following page.
- The Cases screen displays the details of each case. Click the drop-down above the grid to filter cases as follows:
- Assigned to me: Lists cases that are assigned to the logged in user.
- Open: Lists all the open cases
- Closed: Lists all closed cases.
The listing page includes the following details in the grid format
Field |
Description |
Case Name |
Displays the case name |
Severity |
Displays the severity level of cases |
Artifacts |
Displays the list of suspects |
Signals / Risk Score |
Displays the number of signals raised and the risk score assigned to this case |
Status |
Displays whether the case is open/closed |
Handler |
Displays the name of the user investigating this case |
- On the cases list page, click on a particular case to view the details of all the signals assigned to that particular case.
- This screen displays all the summary of all the signals and artifacts that are associated with the selected case.
- Signals: All the potential threats that are assigned to the selected case will be displayed, it would include the following details.
-
- Name of the signal
- Date and time of the signal
- Technique and tactic of the signal
- Target / Suspect Host IP Address
- Graphical view of signals
-
- Artifacts: Artifacts are the evidence that are gathered against the potential threats i.e. the suspect that should be investigated.
- Signals: All the potential threats that are assigned to the selected case will be displayed, it would include the following details.
- For example, in this scenario, it displays the signals and artifacts that are part of the graph, multiple systems have been suspected of targeting this one system
You will be able to identify the following from the graph
-
- The targets
- The suspects
- Compromised users
- All the concurrent connections that were accessed by the particular compromised user.
- The different anomalies detected - Authentication anomalies / User location anomalies.
- Click the Artifacts tab to view the list of suspects associated with the cases. For further investigation refer to the Investigate Anywhere doc.
- Click the Responses tab to view the list of suspects associated with the cases and the responders associated with the entity.
The top bar of the cases screen displays the case name, handler name, severity level and status of the individual case. You can also update these details as per requirement by clicking on the existing details.