Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Create an observable from a case

Log in to subscribe to topics and get notified when content changes.

Create an observable from a case

New observables can be created from cases in Security Case Management.

Before you begin

Role required: sn_ti.case_user


  1. Navigate to Threat Intelligence > Case Management > All Cases.
    The Security Cases list opens.
  2. Either open an existing case or click New to create a new case.
  3. Click the Case Artifacts related link and click the Observables tab.
  4. Click New and enter the requested information.
    Field Description
    Value [Read only] The case number.
    Observable type Enter a descriptive name for the case.
    Observable type category Select the type of case being investigated.
    Incident count Select the importance of this case (from Critical to Low).
    Finding [Read only] The date and time the case was last updated.
    Notes A brief description of the case.
  5. Click the Additional Case Details tab.
  6. Fill in the fields as appropriate.
    Field Description
    Created by [Read only] The name of the user who created this case.
    State The current state of the case. At case creation, the State defaults to Draft.
    Work notes list Click the check box to display the work notes in the Additional Case Details section of the case record.
    Work Notes If needed, type a work note for the case. If the Work notes list is selected, the work note appears in the Additional Case Details section of the case record.
  7. Click Submit.
    As needed, you can click the Case Artifacts tab and add artifacts to the case.