Create a manual case

You can create a case manually and enter its data yourself. This can be useful for ingesting alert information, for example information that was reported from a non-cyber source.

  1. Click Add and select Create Manual Case.

  2. In the first step of the wizard, specify the following case properties:
    • Case Title: Title for the new case.
    • Creation Reason: Type a reason for creating the case. 
    • Environment: Select the specific environment being monitored.
    • Assigned To: Assign the case to a specific role/user.
    • Priority: Set the priority with which the case has to be handled.
    • Mark as Important: Use the toggle button to mark the case as important or not important, as required.
  3. Click Next.
  4. In the Alert step of the wizard, specify the alert information:
    • Alert Name: Type a name for the security alert.
    • Occurrence Time: Specify the date and time of the occurrence of the alert (using the calendar).
    • SLA: Specify the date and time by which the SOC team commits to resolving the alert in the case.
  5. Click Next when done. 
  6. In the Entities step, select any required existing entities. You can also add an entirely new identity with a corresponding identifier. You can mark an entity as suspicious, which displays it in red, and you can mark it as part of the organization's internal network.
  7. Click Next when done. 
  8. In the Tags step, select any existing tags, create new tags, or leave blank, according to your needs.
  9. Click Next when done.
  10. In the Playbooks step, select any relevant playbooks to be attached to the alerts.
  11. Click Finish when done.