Skip to content

Case Management

CYBERQUEST provides a case management module designed to help organizations and users to create and track workflows in order to quickly address incidents. Every case created has an owner which can assign collaborators to enhance the decision-making process and streamline the case resolution. The case allows adding of all existing evidence based on the event or alert that led to creation of the case.

Overview

The Case Management module can be accessed by selecting Alt Image button, in the left-side menu in Web Interface.

Users are presented with Case Management > My Cases page allowing the managing of existing cases and opening new ones, as needed:

Alt Image

  • To create a new case, select New Case button

  • To view all cases where authenticated user is owner, select My Cases switch

To list cases where authenticated user has permissions accessing, select from Status drop-down menu:

  • All option lists all cases with disregard to their status

  • New option lists all new opened cases

  • Open option lists all open cases

  • Solved option lists all cases marked as solved

  • Closed option lists all closed cases

  • Archived option lists all cases that were archived

  • To search for a case, use the Quick Filter box which is in the right Web Interface.

  • Cases are shown in chronological order, with the most recently created at the top.

In the list of cases the Actions menu is present in the right side and the possible actions are: view, edit and delete

Alt Image

To delete a case, press Alt Imagebutton on the top-right corner of the Case Management interface.

To edit a selected case, press Alt Image button on the top-right corner of the Case Management interface.

Press Alt Image to obtain a quick view of a listed case.

The Case page opens where you can see information like:

  • Case Name, Description, Case Type, Case Owner and Status

  • The case timeline presenting all activity performed in this case, where each activity consists of who, what and when added something to the case.

Alt Image

  • By pressing Alt Image button you get the full evidence that was added to case

  • By pressing Alt Image button you can see the full details of the event that was presented as evidence to the case

Create a new case

To create a new case, select Alt Image button and fill in the details in the pop-up window:

Alt Image

Observations:

  • Enter a relevant Name for your case. Best practice is to use a coding standard for the Name.

  • In Collaborators drop-down list, select users who will have permissions to contribute to the case.

  • In Status drop-down list, you will find 5 options: New, Open, Solved, Closed and Archived. Default case status is New.

We recommend having an internal procedure in your organization for when a case is moved from New to Open, Solved / Closed and when is archived.

  • For your organization, define a list of Case Types. Case types are relevant for historical sorting of information.

  • Enter a relevant Description for your case to indicate your collaborators what the name refers to.

  • Add a new evidence to your case and you can add any external file that you consider relevant.

Press "Save" button to save changes or "Cancel" button to return to main page.

Edit Case

Press Alt Image to edit the case. Above is a short description of each setting in Edit Case page that opens:

  • In Name field change the case title or leave unchanged
  • In Collaborators drop-down list, select users who will have permissions to contribute to case
  • In Status drop-down, change the status of your case. Possible statuses are new, open, solved, closed and archived.
  • For your organization, define a list of Case Types. Case types are relevant for historical sorting of information

  • Enter a relevant Description for your case to indicate your collaborators what the name refers to.

  • Add a new evidence to your case. You can add any external file that you consider relevant.

Press "Save" button to save changes or "Cancel" button to return to main page.

Adding events/alerts to a case

Case management is deeply integrated into all CYEBRQUEST's investigational modules. Everywhere a Case Management action menu can be opened, or an entry is presented with an action arrow, that reference can be added as evidence to an existing case, or a new case can be created starting from that evidence.

Adding an event to a case can be done from Browser or Alerts module:

To add an event from Browser module, press Alt Image for the desired event in list and choose either Create Investigation case or Add to Existing investigation option.

Alt Image

To add an alert from Alerts module interface, press Alt Image button to expand the alert:

Alt Image

You can choose to send alert to Create Investigation case or Add to Existing investigation option.