Version:

Investigating Cases

You can follow-up and investigate what happened as a result of a playbook.

To investigate a case, click the Name of the case from the Cases page. This opens the Investigation Timeline for the case. The Investigation Timeline represents all the individual actions related to the case. Click on an action in the Investigation Timeline to view its details or audit log data.

_images/LP_SOAR_Cases_Investigation.png

Investigation page

From the Investigation Timeline, you can:

  1. Run the respective playbook.

    _images/LP_SOAR_Cases_Investigation_RunPlaybook.png

    Run playbook

  2. Click an event in the timeline to view its details.

    _images/LP_SOAR_Cases_Investigation_EventDetails.png

    Event details

  3. Add comments to the timeline as Annotations.

    _images/LP_SOAR_Cases_Investigation_Annotation.png

    Annotation

  4. Update the Handled Status of the case and choose the User who handled the case.

    _images/LP_SOAR_Cases_Investigation_HandledStatus.png

    Set Handled Status

  5. Add Tags to the case by clicking the New Tag button.

    _images/LP_SOAR_Cases_Investigation_AddTag.png

    Add Tags

  6. Add Comments to the case.

    _images/LP_SOAR_Cases_Investigation_AddComment.png

    Add Comment

  7. Update the Status of the case.

    _images/LP_SOAR_Cases_Investigation_UpdateStatus.png

    Update Status

Helpful?

We are glad this guide helped.


Please don't include any personal information in your comment

Contact Support