You can create a security case from affected users in the User [sys_user] table. After the affected users have been used to create a new case, you can use Security Case Management to analyze the data.

Before you begin

The Threat Intelligence plugin must be activated to use Security Case Management.

Role required: sn_ti.case_user_write

About this task

You need to navigate to the users you want to use to create a case.

Procedure

  1. Navigate to All > User Administration > Users.
    The list for the selected users opens. From the list, you can create a new case from one or more user records, or you can select a specific user record and create a new case from the form.
  2. From the list, select the users you want added to a new case.
  3. From the Actions on selected items drop-down list, select Add to Security Case.
    Add a user to a new case
    The Add to Security Case dialog box opens. If you already have cases assigned to you, they display in the list.
    Add a user to a new case
  4. Click Create New Case.
  5. Fill in the fields.
    Field Description
    Case Name Enter a name for this case.
    Description Enter a description that would be of value to the case analyst.
  6. Click Submit.
    A message at the top of the list indicates that a new case has been created, along with a link to the case in Security Case Management.
  7. Click the link to view the new case.