View Cases

Case Listing Page
  • On the left navigation bar, click the Cases icon to view the cases listing page.
  • The top section of the case listing page showcases essential case statistics, including the distribution of cases by severity levels and status values. It also highlights the top handlers, details about the oldest open case, average duration of open cases, MTTA and MTTR values.


| Fields | Description |
|---|---|
| Severity | Displays the distribution of cases by severity levels: Critical, High, Medium, Low |
| Status | Displays the distribution of cases by status values: Open Unassigned, Open Assigned, In-Progress, On-Hold, Closed |
| Top Handlers | Lists the top handlers along with the count of cases assigned to each. |
| Oldest open case | Shows the oldest open case along with the duration it has been open. |
| Mean Time To Acknowledge (MTTA) | Displays the average time taken to acknowledge a security alert after it has been generated. |
| Mean time to resolution (MTTR) | Displays the average time taken to fully resolve a security incident starting from when it was acknowledged. |
| Open cases age | Displays the average duration of open cases. |

  • The table below the top section displays all cases, sorted with the most recent case at the top.



  • A case has the following attributes:
| Fields | Description |
|---|---|
| Created Time | The time at which the case was created |
| Case Name | A descriptive title summarizing the nature of the case |
| Severity | Indicates the severity or importance (e.g., Low, Medium, High, Critical). |
| Signals | Signals associated with the Case |
| Artifacts | The evidence gathered in Signals associated with the case i.e. the Suspect and Target objects that should be investigated. |
| Risk score | The sum of the detection scores of all Signals associated with the Case. |
| Status | Current state of the case (e.g. Open, In-Progress, On-Hold, Closed). |
| Notes | Details of the actions performed on the case and notes captured by users. |
| Time to Acknowledge | The time taken to Acknowledge a security alert after it has been generated. |
| Time to Resolve | The time taken to fully resolve a security incident starting from when it was acknowledged. |
| Handler | The investigator responsible for handling the case. |

  • Global Cases provides a consolidated view of all cases across Tenants and Scopes, accessible to users with the appropriate permissions.
     Note: Tenants were previously referred to as Clusters.
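
The statistics defined above can be reproduced from case records to cross-check the dashboard. The following is an added example, not the product's own code: the field names, the sample cases, the use of Created Time as the alert generation time, and the treatment of every non-Closed status as open are all assumptions.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.fromisoformat(s)

# Constructed sample cases; field names are assumptions, not a product export schema.
CASES = [
    {"name": "Case A", "status": "Closed", "created": ts("2024-05-01T08:00:00"),
     "acknowledged": ts("2024-05-01T08:30:00"), "resolved": ts("2024-05-01T12:30:00"),
     "signal_scores": [40, 25]},
    {"name": "Case B", "status": "In-Progress", "created": ts("2024-05-02T09:00:00"),
     "acknowledged": ts("2024-05-02T10:30:00"), "resolved": None,
     "signal_scores": [70]},
    {"name": "Case C", "status": "Open Unassigned", "created": ts("2024-05-03T00:00:00"),
     "acknowledged": None, "resolved": None, "signal_scores": [10, 10, 5]},
]

def _avg(deltas):
    """Average a sequence of timedeltas; None when there is nothing to average."""
    deltas = list(deltas)
    return sum(deltas, timedelta()) / len(deltas) if deltas else None

def mtta(cases):
    # Generation -> acknowledgement; cases not yet acknowledged are excluded.
    return _avg(c["acknowledged"] - c["created"] for c in cases if c["acknowledged"])

def mttr(cases):
    # Measured from acknowledgement (not creation), as the page defines it.
    return _avg(c["resolved"] - c["acknowledged"]
                for c in cases if c["acknowledged"] and c["resolved"])

def open_cases(cases):
    # Assumption: every status other than Closed counts as open.
    return [c for c in cases if c["status"] != "Closed"]

def open_cases_age(cases, now):
    return _avg(now - c["created"] for c in open_cases(cases))

def oldest_open_case(cases):
    still_open = open_cases(cases)
    return min(still_open, key=lambda c: c["created"]) if still_open else None

def risk_score(case):
    # Sum of the detection scores of all Signals associated with the case.
    return sum(case["signal_scores"])

if __name__ == "__main__":
    now = ts("2024-05-04T00:00:00")
    print("MTTA:", mtta(CASES), "MTTR:", mttr(CASES))
    print("Open cases age:", open_cases_age(CASES, now))
    print("Oldest open:", oldest_open_case(CASES)["name"])
```

Because MTTR here starts at acknowledgement, an unacknowledged case contributes to neither average, so a growing backlog shows up in the open cases age rather than in MTTA or MTTR.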

View Case Details

  • On the Case listing page, click on a case to view its details. The following screen is displayed.




  • The top bar displays the name, the handler, severity level and status of the case.



  • The Signals tab displays the list of all signals associated with the selected case. The following details are displayed on this tab:
    • Name of the signal
    • Date and time of the signal
    • Technique and tactic of the signal
    • Target / Suspect Host IP Address
    • Graphical view of signals
  • The following entities can be identified from the graph:
    • The targets
    • The suspects
    • Compromised users
    • All the concurrent connections that were accessed by the particular compromised user.
    • The different anomalies detected – Authentication anomalies / User location anomalies.
  • The Responses tab displays the list of all the Suspect and Target objects identified in Signals associated with the case. It also allows the user to respond to each object.