Create cases

We create cases for the detections that you're most likely to want to investigate. You can also create cases.

You can create a case from the Cases page and add detections to it later. See Create a case from the Cases page.

Alternatively, you can go to the Detections page, find detections you want to investigate, and create a new case for them. See Create a case from the Detections page.

Create a case from the Cases page

1. Go to Threat Analysis Center > Cases.

2. On the Cases page, click Create case in the upper right.

   

3. In Create case, do as follows:

   1. Enter a case name and description.
   2. Select the Severity.
   3. Select the Status (New or Investigating).

   4. Select an Assignee. This is the admin who will investigate the case.

      You must select an assignee before you can create the case.

   5. Click Create.

   

4. Go to Threat Analysis Center > Detections.

5. In the Detections list, select the detections you want to add.

   

6. Click Actions > Add to Case.

   

7. Select a case and click Add to Case.

   

Now you're ready to investigate. See Investigate cases.

You can add more detections to your case from the Detections page.

Create a case from the Detections page

1. Go to Threat Analysis Center > Detections.

2. In the Detections list, select the detections you want to investigate.

   

3. Click Actions > Create Case.

   

4. In Create case, do as follows:

   1. Enter a case name and description.
   2. Select the Severity.
   3. Select the Status (New or Investigating).

   4. Select an Assignee. This is the admin who will investigate the case.

      You must select an assignee before you can create the case.

   5. Click Create.

   

Now you're ready to investigate. See Investigate cases.

You can add more detections to your case from the Detections page.