3 Replies Latest reply on May 13, 2014 8:16 AM by penoffd

    Use of "Create case"




      Can anyone let me know the use of "create case" option in SIEM. I have notices this option when I recieve any alert.

        • 1. Re: Use of "Create case"

          While we don't use this feature, as I understand it when an alarm or alert occurs, you can use the "Create Case" feature to open a case or ticket and assign it to one of the users in SIEM.  The events that triggered the alarm or alert are listed in the case and can be expanded to see the details of each (of there are more than one that caused the alarm.)


          The person assigned to the case can then pull it up to inspect, comment or close the case.


          In a larger environment this gives the SIEM administrator the ability to send or assign alerts to a person or group of people so tha tthey can research and potentially act on those alerts.


          In the upper right hand corner of the ESM main screen is an icon for "Case Management" that allows you to see all cases that have been assigned and their status.


          It's a nice feature for an organization that has resources to track and analyze alarms and alerts.

          • 2. Re: Use of "Create case"



            Thanks for the reply.


            Do you have any idea what will happen to any future alerts of exactly same nature. Will the same alerts will now not pop up or where can I see how many alerts are recieved when a case is open for the same?

            • 3. Re: Use of "Create case"

              Based on my experience, they will generate a new alert.  Each alert is for a unique event or alarm.