Customize the Close Case dialog (Admin)

Supported in:

In Google SecOps, the Close Case dialog appears when you close a case. This dialog includes default parameters: Reason, Root Cause, and Comment. However, you can customize it by adding new parameters or root causes to enhance case documentation.

This document outlines how to:

  • Add dynamic fields to the Close Case dialog.
  • Add new root causes to the Root Cause drop-down.

For details on closing cases, see How to close cases.

Add a Custom Field for Close Case

To customize the Close Case dialog with additional parameters:

  1. Navigate to SOAR Settings > Case Data > Close Case.
  2. Click add Add Custom Parameters.
  3. Complete the common fields:
    • Name: Enter a name for the new parameter.
    • Type: Choose the type of field you want to add from the Type drop-down:
      • Free Text: You can name this field to let the analyst enter specific details. For example, you can call this field Customer phone number, and then the analyst can enter the relevant contact details.
      • Radio Button: Lets the analyst select one of two options. For example, to specify whether a case was resolved or needs to be escalated for further investigation. In this case, in the Radio Button Content field, you can enter Mitigated and Escalated as the two options to choose from.
      • Single Choice List: Lets the analyst select one option from a drop-down. For example, to categorize the type of threat identified in a case, you can enter Malware, Phishing, and Insider Threat as the list options to choose from.
      • Multi Choice List: Lets the analyst select multiple options from a drop-down. For example, to select multiple actions that were carried out to mitigate or respond to an incident, you can enter Containment Measures Implemented, System Patches Applied, User Education Provided, Alerts Updated, Access Revoked as the list options.
    • Default Value: Lets you set a pre-filled option that appears in the field by default in the Close Case dialog. You can leave the Default Value field blank if you don't want to pre-select an option. If you already chose a default value from the list, and want to keep the default value blank, choose the Reset option.
    • Description: Add a description to appear as a tooltip when hovering over the info next to the parameter in the Close Case dialog.

Add a New Root Cause

To add a root cause to the Root Cause drop-down in the Close Case dialog:

  1. Navigate to SOAR Settings > Case Data > Close Case.
  2. Click addAdd Root Cause. The Add Case Close Root Cause dialog appears.
  3. Select a reason from the Reason drop-down and provide relevant information in the Root Cause field.
  4. Click Add to save the root cause.