Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store

Create an observable from a case

Create an observable from a case

New observables can be created from cases in Security Case Management.

Before you begin

Role required: sn_ti.case_user


  1. Navigate to Threat Intelligence > Case Management > All Cases.
    The Security Cases list opens.
  2. Either open an existing case or click New to create a new case.
  3. Click the Case Artifacts related link and click the Observables tab.
  4. Click New and enter the requested information.
    Field Description
    Value [Read only] The case number.
    Observable type Enter a descriptive name for the case.
    Observable type category Select the type of case being investigated.
    Incident count Select the importance of this case (from Critical to Low).
    Finding [Read only] The date and time the case was last updated.
    Notes A brief description of the case.
  5. Click the Additional Case Details tab.
  6. Fill in the fields as appropriate.
    Field Description
    Created by [Read only] The name of the user who created this case.
    State The current state of the case. At case creation, the State defaults to Draft.
    Work notes list Click the check box to display the work notes in the Additional Case Details section of the case record.
    Work Notes If needed, type a work note for the case. If the Work notes list is selected, the work note appears in the Additional Case Details section of the case record.
  7. Click Submit.
    As needed, you can click the Case Artifacts tab and add artifacts to the case.

This site is scheduled for a small content update on Monday, November 19th, between the hours of 3:30pm and 5:00pm Pacific Time (Nov 19 23:30 – Nov 20 1:00 UTC). Acces to this site may be slightly delayed during that time.