Cases#
In this section you can find information about cases.
A case provides information on suspicious activity in the environment. It provides information on the security incidents, observables, alerts, and affected users. Security analysts can conduct specific analysis based on cases to assess the possibilities of threats.
Cases can be created from various sources. Each security case consists of a title, tags, task rules, obsevable rules a description of case details, and all the details related to the case that help in building an argument for identifying and dealing with particular threats.
View case details#
To view case details:
-
Click on any of the cases displayed in the list to view more details.
The case list page displays various tabs that have more details about each case such general tab, tasks, observables, TTPs, attachments, timeline, pages tab.