Create a case from CIs

You can create a security case from configuration items in the Configuration Item [cmdb_ci] table. After the CIs have been used to create a new case, you can use Security Case Management to analyze the data.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.

Role required: sn_ti.case_user_write

Procedure

  1. Navigate to the configuration items you want to use to create a case. For example, you can navigate to Configuration > Base Items > Computers to view CIs for computers.
    The list for the selected CI type opens. From the list, you can create a new case from one or more CIs, or you can select a specific CI and create a new case from the form.
  2. From the list, select the CIs you want added to a new case.
  3. From the Actions on selected items drop-down list, select Add to Security Case.
    Add a CI to a new case
    The Add to Security Case dialog box opens. If you already have cases assigned to you, they display in the list.
    Add a CI to a new case
  4. Click Create New Case.
  5. Fill in the fields.
    Field Description
    Case Name Enter a name for this case.
    Description Enter a description that would be of value to the case analyst.
  6. Click Submit.
    A message at the top of the list indicates that a new case has been created, along with a link to the case in Security Case Management.
  7. Click the link to view the new case.