Case Details

Minimum Role: Organization role of Read Only User (for viewing the Case Details card and its contents); Organization role of Standard User (for adding and updating a Case’s Time of Occurrence, Time of Detection, Case Open Time, and Case Close Time; applying and removing Tags; and adding and updating a Case’s description)

Prerequisites: Workflow enabled by a System Administrator; a Workflow Case created in your Organization (see Creating Cases)

Overview

The Case Details card, located at the top right of a Workflow Case, displays important details about the Case, including time-based information related to the Case, Tags that have been applied to the Case, and a description of the Case. This article describes the elements included in the Case Details card, as well as how to update each element.

Case Details Card

Figure 1 shows an example of a Case Details card for a Workflow Case.

• Time of Occurrence: The date and time when a security incident or threat occurred.
• Time of Detection: The date and time when a security incident or threat was detected (e.g., by a security team).
• Case Open Time: The date and time when the Case was opened.
• Case Close Time: The date and time when the Case was closed.
• Tags: A list of Tags applied to the Case. These are the same Tag objects used throughout ThreatConnect.
• Description: A description of the Case.

The four time-based elements (Time of Occurrence, Time of Detection, Case Open Time, and Case Close Time) are used to calculate the Mean Time to Detection (MTTD), MTTD Average, Mean Time to Resolution (MTTR), and MTTR Average Cases metrics dashboard cards.

Time of Occurrence

Hover the cursor over the Time of Occurrence label to display a pencil  icon. Click the icon to display a calendar (Figure 2).

• Select the desired date and time.
• Click the checkmark icon to save the Time of Occurrence for the Case.

To edit an existing Time of Occurrence, hover the cursor over the Time of Occurrence label, click the pencil icon, select the new date and time, and click the checkmark icon.

Time of Detection

Hover the cursor over the Time of Detection label to display a pencil icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark icon to save the Time of Detection for the Case.

To edit an existing Time of Detection, hover the cursor over the Time of Detection label, click the pencil icon, select the new date and time, and click the checkmark icon.

Case Open Time

Case Open Time is set automatically when a Case is opened. If a Case is closed and re-opened at a later time, Case Open Time will reflect the date and time that the Case was first opened, not the date and time that it was re-opened.

You can edit Case Open Time, which is helpful in situations such as when a Case is opened on a Friday evening, but is not worked on until the following Monday. To do so, hover the cursor over the Case Open Time label to display a pencil  icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark icon to save the updated Case Open Time.

Case Close Time

Case Close Time is set automatically when a Case is closed. If a Case is closed and re-opened at a later time, Case Close Time will be reset. If the Case is closed again, Case Close Time will reflect the new date and time that it was closed.

While a Case is open, Case Close Time will not be set and cannot be edited. Once the Case has been closed, Case Close Time will be set and may be edited.

After a Case is closed, hover the cursor over the Case Close Time label to display a pencil icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark icon to save the updated Case Close Time for the Case.

Tags

If no Tags are applied to a Case, a message stating No tags selected. Double click to add one. will be displayed in the Tags section. Double-click in the Tags  section to apply Tags to the Case (Figure 3).

• Enter the name of each Tag you want to apply to the Case. Note that you can apply a Tag by clicking the plus icon or pressing the Enter key on your keyboard.
• When finished applying Tags, click the checkmark  icon to save all changes.

If one or more Tags are applied to a Case, hover the cursor in the Tags section to display a pencil icon next to existing Tags (Figure 4).

Click the icon to apply new Tags and remove existing Tags (Figure 5).

• To apply a new Tag, enter the contents of the Tag and click the plus icon or press the Enter key on your keyboard.
• To remove an existing Tag, click the X to the right of the Tag’s name.
• When finished editing, click the checkmark  icon to save all changes.

Description

Hover the cursor over the Description section to display a pencil  icon at the upper-left corner of the description box (Figure 6).

Click the pencil  icon to edit the description (Figure 7).

• Make any desired changes to the Case’s description.
• Click the checkmark  icon to save all changes.

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20126-01 v.01.B