Case Management

CYBERQUEST provides a case management module designed to help organizations and users create and track workflows so that incidents can be addressed quickly. Every case has an owner, who can assign collaborators to support decision-making and streamline case resolution. All existing evidence can be added to a case, based on the event or alert that led to its creation.

Overview

The Case Management module can be accessed by selecting the "Case Management" button in the left-side menu of the Web Interface.

Users are presented with the Case Management > My Cases page, which allows managing existing cases and opening new ones as needed:

  • To create a new case, select the New Case button

  • To view all cases where the authenticated user is the owner, select the My Cases switch

To list the cases that the authenticated user has permission to access, select an option from the Status drop-down menu:

  • All option lists all cases regardless of their status

  • New option lists all newly opened cases

  • Open option lists all open cases

  • Solved option lists all cases marked as solved

  • Closed option lists all closed cases

  • Archived option lists all cases that were archived

  • To search for a case, use the Quick Filter box on the right side of the Web Interface.

  • Cases are shown in chronological order, with the most recently created at the top.

In the list of cases, the Actions menu is on the right side; the possible actions are view, edit and delete.

To delete a case, press the delete button in the top-right corner of the Case Management interface.

To edit a selected case, press the edit button in the top-right corner of the Case Management interface.

Press the export button to export the cases.

Response Remaining / Confirm Remaining specifies how much time is left until the response/confirmation due time and, if that time has expired, how much time has passed since the confirmation/response due time of the most severe SLA. To see how to create an SLA, follow the link:

Explanation:

The Infiltration Investigation case is expired because its confirmation due date has passed.

The Confirmation Remaining column shows how much time has elapsed since the confirmation due date was exceeded.
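
An added example, not part of the CYBERQUEST documentation or product code: one way to compute Response Remaining / Confirm Remaining as described above, for cross-checking a queue of cases against their SLAs. The `Sla` and `Case` classes, their field names, the numeric severity ranking and measuring due times from case creation are all assumptions; the sample cases are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical data model: CYBERQUEST's real schema is not shown on this page.
@dataclass
class Sla:
    name: str
    severity: int              # assumption: higher number = more severe
    confirm_within: timedelta  # time allowed to confirm the case
    respond_within: timedelta  # time allowed to respond to the case

@dataclass
class Case:
    name: str
    created: datetime          # assumption: due times count from creation
    slas: list

def fmt(delta):
    """Render a signed timedelta as '6h 0m left' or '1d 4h 0m overdue'."""
    secs = int(abs(delta.total_seconds()))
    days, rem = divmod(secs, 86400)
    hours, rem = divmod(rem, 3600)
    text = f"{hours}h {rem // 60}m"
    if days:
        text = f"{days}d {text}"
    return f"{text} {'overdue' if delta.total_seconds() < 0 else 'left'}"

def remaining(case, now):
    """Remaining/overdue times measured against the most severe SLA."""
    if not case.slas:
        return None  # no SLA attached: nothing to measure against
    sla = max(case.slas, key=lambda s: s.severity)
    confirm = case.created + sla.confirm_within - now
    respond = case.created + sla.respond_within - now
    return {"sla": sla.name,
            "confirm_remaining": fmt(confirm),
            "response_remaining": fmt(respond),
            "expired": min(confirm, respond) < timedelta(0)}

# Constructed sample data (not taken from a real deployment).
UTC = timezone.utc
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=UTC)
CASES = [
    Case("Infiltration Investigation", datetime(2024, 5, 9, 6, 0, tzinfo=UTC),
         [Sla("Low", 1, timedelta(hours=48), timedelta(hours=96)),
          Sla("Critical", 4, timedelta(hours=2), timedelta(hours=36))]),
    Case("Phishing Report", datetime(2024, 5, 10, 11, 0, tzinfo=UTC),
         [Sla("Medium", 2, timedelta(hours=4), timedelta(hours=24))]),
]
for case in CASES:
    print(case.name, remaining(case, NOW))
```
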

Press the view button to obtain a quick view of a listed case.

The Case page opens, where you can see information such as:

  • Case Name, Description, Case Type, Case Users, Case Owner, Status etc.

  • The case timeline, presenting all activity performed in this case; each activity records who added what to the case, and when.

On this page you can run a playbook, add a note, edit the case and change the status of the opened case.

Cases Manual Deduplication

To manually deduplicate cases, press the "Actions" button and choose "Add Deduplicate Item" or "Set Deduplicate Of":

  • Add Deduplicate Item - add the item to the list of items to be deduplicated

  • Set Deduplicate Of - sets the item that is considered duplicate of the items in the list previously created by Add Deduplicate Item

Create a new case

To create a new case, select the New Case button and fill in the details in the pop-up window:

Observations:

  • Enter a relevant Name for your case. Best practice is to use a coding standard for the Name.

  • In the Collaborators drop-down list, select the users who will have permission to contribute to the case.

  • In the Status drop-down list, you will find 5 options: New, Open, Solved, Closed and Archived. The default case status is New.

We recommend having an internal procedure in your organization for when a case is moved from New to Open, to Solved / Closed, and when it is archived.

  • For your organization, define a list of Case Types. Case types are relevant for historical sorting of information.

  • Enter a relevant Description for your case to indicate to your collaborators what the name refers to.

  • Add new evidence to your case; you can add any external file that you consider relevant.

Press the "Save" button to save changes or the "Cancel" button to return to the main page.

Edit Case

Press the edit button to edit the case. Below is a short description of each setting in the Edit Case page that opens:

  • In the Name field, change the case title or leave it unchanged.

  • In the Collaborators drop-down list, select the users who will have permission to contribute to the case.

  • In the Status drop-down, change the status of your case. Possible statuses are New, Open, Solved, Closed and Archived.

  • For your organization, define a list of Case Types. Case types are relevant for historical sorting of information.

  • Enter a relevant Description for your case to indicate to your collaborators what the name refers to.

  • Add new evidence to your case. You can add any external file that you consider relevant.

Press the "Save" button to save changes or the "Cancel" button to return to the main page.

Generate Reports

Press the report button to generate a report; the following page opens:

Summary Report - exports all the cases created in Case Management in HTML format.

Detailed Report - reports can be customized to meet specific requirements and exported in HTML format. To select the desired field, navigate to the drop-down menu and choose the appropriate field; this selection lets you tailor the report to your specific data requirements. Once customization is complete, save your changes.

Adding events/alerts to a case

Case management is deeply integrated into all of CYBERQUEST's investigational modules. Everywhere a Case Management action menu can be opened, or an entry is presented with an action arrow, that reference can be added as evidence to an existing case, or a new case can be created starting from that evidence.

Adding an event to a case can be done from the Browser or Alerts module:

To add an event from the Browser module, press the action button for the desired event in the list and choose either the Create Investigation case or the Add to Existing investigation option.

To add an alert from the Alerts module interface, press the expand button to expand the alert:

You can then choose either the Create Investigation case or the Add to Existing investigation option for the alert.

Case Overview

Case Overview is a graphical overview of cases. It can be accessed at any time by pressing the Case Overview button on the left side, in the quick access section of the Web Interface.

This module presents a comprehensive analysis of cases within your enterprise, offering insights into operational dynamics and strategic outcomes.

1 - Number of cases with the status "open"

2 - Count of instances that have surpassed the response due date.

3 - Count of instances that have surpassed the confirmation due date.

4 - The most recently modified cases

5 - Shows the number of cases with each status (new, open, solved, closed and archived) detected in a predefined time interval.

6 - Displays the users with the highest number of cases

7 - Cases that have passed the latest confirmation due date

8 - Cases that have passed the latest response due date

Export the cases overview in CSV format by pressing the export button.