Create cases in Security Case Management Cases are used to track information about a campaign or state actor threatening your organization. After a case is created, you can add artifacts that allow you to review and analyze all related information within a single case record. Before you beginRole required: sn_ti.case_user Procedure Navigate to Threat Intelligence > Case Management > All Cases. The Security Cases list opens. Click New. The Security Cases screen opens. Fill in the fields as appropriate. Field Description Case Number [Read only] The case number. Case Name Enter a descriptive name for the case. Case Type Select the type of case being investigated. Rating Select the importance of this case (from Critical to Low). Last Updated [Read only] The date and time the case was last updated. Short Description A brief description of the case. Click the Additional Case Details tab. Fill in the fields as appropriate. Field Description Created by [Read only] The name of the user who created this case. State The current state of the case. At case creation, the State defaults to Draft. Assigned to Click the lookup icon and assign the case to an analyst. Work notes list Click the lock icon and add internal users who can view work notes. Additional comments As needed, enter notes on the case that will be visible to the customer. Work Notes If needed, type a work note for the case. Click Submit. After the record has been saved, you can click the Case Artifacts tab and add artifacts to the case. Add artifacts to a caseAfter you have created a case, you can add artifacts, such as security incidents, CIs, and indicators of compromise, to the case. These artifacts act as clues in solving the case.