Add a security incident to a security case

If you determine that a security incident requires a higher level of analysis, add it to a new or existing case.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.

Role required: sn_si.admin, sn_ti.case_user_write

Procedure

  1. If it is not already open, navigate to the security incident that requires escalation. For example, you can navigate to Security Incident > Incidents > Assigned to Me, and open the security incident.
  2. Click the Add to Security Case related link.
    The Add Security Incident(s) to Security Case dialog box opens.
    Add this security incident to an existing or new case
  3. To add this security incident to an existing case, fill in the fields as appropriate, then click Submit.
    Field             Description
    Security Case     Select the security case.
    Optional notes    As needed, enter additional notes that would be of value to the case analyst.
  4. To create a new case and assign the security incident to it when you already have one or more cases assigned to you, click Create new case to show additional fields.
    Add this security incident to a new case
    Note: If you do not have any cases assigned to you, the Add Security Incident(s) to Security Case screen opens first.
  5. Fill in the fields as appropriate.
    Field                 Description
    Security Case Name    Enter the name of the new security case.
    Description           Enter a description for the case.
    Case Type             Select the type of case being investigated.
    Optional notes        As needed, enter additional notes that would be of value to the case analyst.
  6. Click Submit.
    A message appears at the top of the security incident, along with a link to the new case.