Contents x
Adding Case Data to a Report
  • 27 Mar 2024
  • 14 Minutes to read
  • Print
  • Dark
    Light
Contents

Adding Case Data to a Report

  • Updated on 27 Mar 2024
  • 14 Minutes to read
  • Print
  • Dark
    Light
Article Summary

Case Data sections display data from a selected Workflow Case in your Organization for which you have viewing permissions. When adding a Case Data section to a report, you must first select the Case whose data you want to add to the report. After you select a Case, you can select which Case Data section to add to the report and customize it as desired.

Selecting a Case

Selecting Case Data in the Intelligence Data section of the Add Section drawer will display the Add Case Data menu. If creating a report from a Case, the Case will be selected from the Case dropdown automatically and a list of Case Data sections you can add to the report will be displayed (Figure 1).

Graphical user interface, application, Teams Description automatically generated

 

If creating a report from a Group or the Reporting screen, you must first select View All Cases… from the Case dropdown to display the Select a Case window (Figure 2). This window displays all Cases in your Organization for which you have viewing permissions.

Note
If a report contains data from a Case (i.e., there is a Case Data section added to the report), then that Case’s name will be displayed in the Case dropdown when you click on it.

 

  • Select the Case whose data you want to add to the report.
  • To filter Cases by assignee, resolution, status, severity, and creation date, use the Filtersmenu; to filter Cases by name or ID, use the search bar.
  • Click the Select Case button. The Add Case Data menu will be displayed, showing the selected Case in the Case dropdown and a list of Case Data sections you can add to the report (Figure 1).

Case Data Sections

From the Add Case Data menu (Figure 1), you can add any of the following Case Data section(s) to a report:

  • Details
  • Attributes
  • Group Associations
  • Indicator Associations
  • Case Associations
  • Potential Group Associations
  • Potential Indicator Associations
  • Potential Case Associations
  • Artifacts
  • Timeline
  • Notes

A Case Data section can display data from a single Case; however, you can return to the Add Section drawer to add multiple Case Data sections containing data from multiple Cases to a single report.

Note
To return to the Add Case Data menu after you add a Case Data section to a report, select the Keep panel open after adding checkbox at the lower-left corner of the Add Section drawer. Otherwise, the Add Section drawer will close after the section is added to the report.
Note
Changes made to ThreatConnect data displayed in Case Data sections will be reflected in saved reports automatically.

Details

The Details section can be used to display basic information about the selected Case, including its resolution, status, and severity and data available on its Case Details card. To add this section to a report, select Details from the Add Case Data menu (Figure 1). The Add Details menu will be displayed (Figure 3).

Graphical user interface, application Description automatically generated

 

  • Details: To include all available Case data options in the Details section, select the Select All checkbox; otherwise, select the checkbox for each Case data option you want to include in the Details section. Available Case data options include the following:
    • State: The Case’s status.
    • Resolution: The Case’s resolution.
    • Severity: The Case’s severity level.
    • Time of Occurrence: The date and time when the security incident for which the Case was opened took place.
    • Time of Detection: The date and time when the security incident for which the Case was opened was detected (e.g., by a security team).
    • Case Open Time: The date and time when the Case was opened.
    • Case Close Time: The date and time when the Case was closed.
    • Tags: The Tag(s) applied to the Case.
    • Description: The Case’s description.
  • Section Preview: This section displays a preview of the Details section that will be added to the report.
  • Click the Add button to add the section to the report.

Attributes

The Attributes section can be used to display the following information about Attributes added to the selected Case:

  • The Attribute’s type
  • The Attribute’s source
  • The date when the Attribute was created
  • The date when the Attribute was last modified
  • The Attribute’s value

To add this section to a report, select Attributes from the Add Case Data menu (Figure 1). The Add Attributes menu will be displayed (Figure 4).

Graphical user interface, text, application, email Description automatically generated

 

  • Select the checkbox for each Attribute to add to the report. To select all Attributes, including those displayed on other pages in the table, select the checkbox in the table’s header.
    Note
    If you select Attributes on multiple pages in the table, they will all be added to the report.
  • To filter Attributes by Attribute Type, creation date, or last modified date, use the Filtersmenu; to filter Attributes by value, use the search bar.
  • Icon Description automatically generated: Click this icon to display a preview of the Attributes section that will be added to the report for the Attribute.
  • Click the Add button to add a section to the report for each selected Attribute.

Group Associations

The Group Associations section can be used to display information about Groups associated to the selected Case in a tabular format. To add this section to a report, select Group Associations from the Add Case Data menu (Figure 1). The Add Group Associations menu will be displayed (Figure 5).

Graphical user interface, application Description automatically generated

 

  • Filters: By default, Groups of all types belonging to any owner to which you have access will be displayed in the Group Associations table. If desired, use the following options in this section to filter Groups displayed in the table:
    • Type: Select one or more Group types. Only Groups of the selected type(s) will be displayed in the table.
    • Owner: Select one or more owners. Only Groups that belong to the selected owner(s) will be displayed in the table.
    • Date Added: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Groups that were created within the specified range will be displayed in the table.
    • Last Modified: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Groups that were last modified within the specified range will be displayed in the table.
  • Table Settings: Use the following options in this section to customize the display settings for the Group Associations table:
    • Table Columns: By default, all available table columns will be displayed in the table. To prevent a table column from being displayed in the table, clear the checkbox corresponding to its name.
    • Table Cutoff: Enter the maximum number of Groups to display in the table. The minimum value you can enter is 5, and the maximum value you can enter is 20.
    • Sort By: Select the table column by which to sort  Groups in the table. You can sort Groups by any table column, including those not displayed in the table.
    • Ascending/Descending: Select whether to sort Groups in ascending or descending order. The sort order will correspond to the column by which the table is sorted.
  • Section Preview: This section displays a preview of the Group Associations table that will be added to the report.
  • Click the Add button to add the section to the report.

Indicator Associations

The Indicator Associations section can be used to display information about Indicators associated to the selected Case in a tabular format. To add this section to a report, select Indicator Associations from the Add Case Data menu (Figure 1). The Add Indicator Associations menu will be displayed (Figure 6).

Graphical user interface, application Description automatically generated

 

  • Filters: By default, Indicators of all types belonging to any owner to which you have access will be displayed in the Indicator Associations table. If desired, use the following options in this section to filter Indicators displayed in the table:
    • Type: Select one or more Indicator types. Only Indicators of the selected type(s) will be displayed in the table.
    • Owner: Select one or more owners. Only Indicators that belong to the selected owner(s) will be displayed in the table.
    • Date Added: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Indicators that were created within the specified range will be displayed in the table.
    • Last Modified: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Indicators that were last modified within the specified range will be displayed in the table.
  • Table Settings: Use the following options in this section to customize the display settings for the Indicator Associations table:
    • Table Columns: By default, all available table columns will be displayed in the table. To prevent a table column from being displayed in the table, clear the checkbox corresponding to its name.
    • Table Cutoff: Enter the maximum number of Indicators to display in the table. The minimum value you can enter is 5, and the maximum value you can enter is 20.
    • Sort By: Select the table column by which to sort Indicators in the table. You can sort Indicators by any table column, including those not displayed in the table.
    • Ascending/Descending: Select whether to sort Indicators in ascending or descending order. The sort order will correspond to the column by which the table is sorted.
  • Section Preview: This section displays a preview of the Indicator Associations table that will be added to the report.
  • Click the Add button to add the section to the report.

Case Associations

The Case Associations section can be used to display information about Cases associated to the selected Case in a tabular format. To add this section to a report, select Case Associations from the Add Case Data menu (Figure 1). The Add Case Associations menu will be displayed (Figure 7).

Graphical user interface, application Description automatically generated

 

  • Filters: By default, all associated Cases will be displayed in the Case Associations table. If desired, use the following options in this section to filter Cases displayed in the table:
    • Assignee: Select one or more Case assignees. Only Cases assigned to the selected assignee(s) will be displayed in the table.
    • Date Added: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Cases that were created within the specified range will be displayed in the table.
    • Resolution: Select one or more Case resolutions. Only Cases with the selected resolution(s) will be displayed in the table. If a selected resolution is not assigned to any of the Cases, then no Cases will be displayed in the table.
    • Status: Select one or more Case statuses. Only Cases with the selected status(es) will be displayed in the table. If a selected status is not assigned to any of the Cases, then no Cases will be displayed in the table.
    • Severity: Select one or more Case severity levels. Only Cases with the selected severity level(s) will be displayed in the table. If a selected severity level is not assigned to any of the Cases, then no Cases will be displayed in the table.
  • Table Settings: Use the following options in this section to customize the display settings for the Case Associations table:
    • Table Columns: By default, all available table columns will be displayed in the table. To prevent a table column from being displayed in the table, clear the checkbox corresponding to its name.
    • Table Cutoff: Enter the maximum number of Cases to display in the table. The minimum value you can enter is 5, and the maximum value you can enter is 20.
    • Sort By: Select the table column by which to sort Cases in the table. You can sort Cases by any table column, including those not displayed in the table.
    • Ascending/Descending: Select whether to sort Cases in ascending or descending order. The sort order will correspond to the column by which the table is sorted.
  • Section Preview: This section displays a preview of the Case Associations table that will be added to the report.
  • Click the Add button to add the section to the report.

Potential Group Associations

The Potential Group Associations section can be used to display information about Groups suggested as associations to the selected Case in a tabular format. To add this section to a report, select Potential Group Associations from the Add Case Data menu (Figure 1). The Add Potential Group Associations menu will be displayed (Figure 8).

 

See the “Group Associations” section for descriptions of the configuration options available for the Potential Group Associations section, as they are the same configuration options available for the Group Associations section.

Potential Indicator Associations

The Potential Indicator Associations section can be used to display information about Indicators suggested as associations to the selected Case in a tabular format. To add this section to a report, select Potential Indicator Associations from the Add Case Data menu (Figure 1). The Add Potential Indicator Associations menu will be displayed (Figure 9).

 

See the “Indicator Associations” section for descriptions of the configuration options available for the Potential Indicator Associations section, as they are the same configuration options available for the Indicator Associations section.

Potential Case Associations

The Potential Case Associations section can be used to display information about Cases suggested as associations to the selected Case in a tabular format. To add this section to a report, select Potential Case Associations from the Add Case Data menu (Figure 1). The Add Potential Case Associations menu will be displayed (Figure 10).

 

See the “Case Associations” section for descriptions of the configuration options available for the Potential Case Associations section, as they are the same configuration options available for the Case Associations section.

Artifacts

The Artifacts section can be used to display information about Artifacts added to the selected Case in a tabular format. To add this section to a report, select Artifacts from the Add Case Data menu (Figure 1). The Add Artifacts menu will be displayed (Figure 11).

 

  • Filters: By default, all Artifacts added to the selected Case will be displayed in the Artifacts table. If desired, use the following options in this section to filter Artifacts displayed in the table:
    • Artifact Type: Select one or more Artifact types. Only Artifacts  of the selected type(s) will be displayed in the table.
    • Date Added: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Artifacts that were created within the specified range will be displayed in the table.
    • Status: Select one or more Indicator Statuses. Only Artifacts whose types map to a ThreatConnect Indicator type and that have the selected Indicator Status(es) will be displayed in the table.
    • Analytics Score: Select one or more ThreatAssess assessment levels. Only Artifacts whose types map to a ThreatConnect Indicator type and that have the selected ThreatAssess assessment level(s) will be displayed in the table.
  • Table Settings: Use the following options in this section to customize the display settings for the Artifacts table:
    • Table Columns: By default, all available table columns will be displayed in the table. To prevent a table column from being displayed in the table, clear the checkbox corresponding to its name.
    • Table Cutoff: Enter the maximum number of Artifacts to display in the table. The minimum value you can enter is 5, and the maximum value you can enter is 20.
    • Sort By: Select the table column by which to sort Artifacts in the table. You can sort Artifacts by any table column, including those not displayed in the table.
    • Ascending/Descending: Select whether to sort Artifacts in ascending or descending order. The sort order will correspond to the column by which the table is sorted.
  • Section Preview: This section displays a preview of the Artifacts table that will be added to the report.
  • Click the Add button to add the section to the report.

Timeline

The Timeline section can be used to display information about Timeline Events added to the selected Case in a tabular format. To add this section to a report, select Timeline from the Add Case Data menu (Figure 1). The Add Timeline menu will be displayed (Figure 12).

 

  • Filters: By default, all Timeline Events added to the selected Case will be displayed in the Timeline table. If desired, use the following options in this section to filter Timeline Events displayed in the table:
    • User: Select one or more users. Only Timeline Events created by the selected users will be displayed in the table.
    • Generation: Select whether to display system-generated Timeline Events, user-created Timeline Events, or both in the table.
    • Event Date: Click the from and to fields and use the date selectors to select the beginning and end of a date range, respectively. Only Timeline Events that took place within the specified range will be displayed in the table.
  • Table Settings: Use the following options in this section to customize the display settings for the Timeline table:
    • Table Columns: By default, all available table columns will be displayed in the table. To prevent a table column from being displayed in the table, clear the checkbox corresponding to its name.
    • Table Cutoff: Enter the maximum number of Timeline Events to display in the table. The minimum value you can enter is 5, and the maximum value you can enter is 20.
    • Sort By: Select the table column by which to sort Timeline Events in the table. You can sort Timeline Events by any table column, including those not displayed in the table.
    • Ascending/Descending: Select whether to sort Timeline Events in ascending or descending order. The sort order will correspond to the column by which the table is sorted.
  • Section Preview: This section displays a preview of the Timeline table that will be added to the report.
  • Click the Add button to add the section to the report.

Notes

The Notes section can be used to display the following information about Notes added to the selected Case:

  • The user that created the Note
  • The contents of the Note
  • The date and time when the Note was last modified

To add this section to a report, select Notes from the Add Case Data menu (Figure 1). The Add Notes menu will be displayed (Figure 13).

 

  • Select the checkbox for each Note to add to the report. To select all Notes displayed on the current page in the table, select the checkbox in the table’s header.
    Note
    If you select Notes on multiple pages in the table, they will all be added to the report.
  • To filter Notes by the user that created them, by a range of dates within which they were created, or based on whether they are linked to an Artifact, use the Filtersmenu; to filter Notes by their contents, use the search bar.
  • : Click this icon to display a preview of the Notes section that will be added to the report for the Note.
  • Click the Add button to add a section to the report for each selected Note.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20144-12 v.03.A

Was this article helpful?
What's Next
Company
Sales and Support
Follow Us
© 2012–2023 ThreatConnect, Inc. All Rights Reserved.