Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Create a case from affected users

Create a case from affected users

You can create a security case from affected users in the User [sys_user] table. After the affected users have been used to create a new case, you can use Security Case Management to analyze the data.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.

Role required: sn_ti.case_user_write

Procedure

  1. Navigate to the users you want to use to create a case. For example, you can navigate to User Administration > Users.
    The list for the selected users opens. From the list, you can create a new case from one or more user records, or you can select a specific user record and create a new case from the form.
  2. From the list, select the users you want added to a new case.
  3. From the Actions on selected items drop-down list, select Add to Security Case.
    Add a user to a new case
    The Add to Security Case dialog box opens. If you already have cases assigned to you, they display in the list.
    Add a user to a new case
  4. Click Create New Case.
  5. Fill in the fields.
    Field Description
    Case Name Enter a name for this case.
    Description Enter a description that would be of value to the case analyst.
  6. Click Submit.
    A message at the top of the list indicates that a new case has been created, along with a link to the case in Security Case Management.
  7. Click the link to view the new case.

Updates to site content will be made starting around 4am on January 17th (Pacific Time) and lasting approximately 6 hours.  This site may be intermittently unavailable.