Cases help you investigate security incidents LogPoint SOAR detects. Cases are created automatically when a playbook is triggered and run. Each Playbook Action can be represented as a Case Item, so you and your colleagues are able to track and understand what happened through the course of an automated incident investigation.
After running a playbook, you can also use a case’s action details as your audit log. Action details list all the important historical details or data of the action.
Go to Investigation >> Cases from the navigation bar to open the Cases page.
Cases page¶
You can perform the following actions from the page:
Filter the cases displayed on the page from the Query Bar or from the Filters Panel.
Investigate individual cases in a timeline of related events.
Export the displayed results in the .csv format by clicking Export Data.
Toggle the status of a selected case.
View the details of a selected case.
Add new tags and comments to a selected case.
Filter the displayed cases. Refer to Filtering Cases.
Investigate a specific case. Refer to Investigating Cases.