Creating Cases

Creating a Case from a Workflow

To create a new Case, click the New Case  button at the upper-right corner of the Cases screen. The New Case drawer will be displayed (Figure 1).

• Name: Enter a name for the Case.
• Workflow Template: Select a Workflow that will determine the structure of the Case (i.e., the Phases and Tasks that define the Case, the Artifacts that are to be collected within the Case, etc.). If you want to create a Case without using a Workflow, keep the selection of None. The Case in this example uses a Workflow.
  Note

  It is recommended that Cases be created from Workflows. For information on creating Cases without a Workflow, see the “Creating a Case without a Workflow” section.
• Description: If you selected a Workflow, this field will autofill with the description provided for the Workflow. Autofilled descriptions can be modified, if desired (for example, to tailor the description to the specific Case rather than to the Workflow from which the Case is being created). If creating a Case without a Workflow, manually enter a description for the Case, if desired.
• Tags: Enter one or more Tags to apply to the Case. These are the same Tag object used throughout ThreatConnect.
• Severity: Select a severity level for the Case (Critical, High, Medium, or Low).
• Status: Select a status for the Case (Open or Closed).
• Assignee: Select a user or user group to which the Case will be assigned. The current user is always the first available user in the list, followed by all other users (in alphabetical order by first name), followed by user groups.
• Viewable By: Select the users that will be able to view the Case. User groups are not included in this menu. The default selection is Everyone (i.e., all users in the Organization). If only one user is selected, the Viewable By field will display that user’s name. If more than one user is selected, the field will display the number of users selected (e.g., 4 users). If no users are selected, the field will revert back to a selection of Everyone, because it does not make sense for a Case to be viewable by no one.
  Note

  Assignee(s) are selected automatically in the Viewable By menu.
• Artifacts: Click the ADD ARTIFACT button to add an Artifact to the Case. See the “Adding Artifacts” section for further instruction.
• Notes: Enter freeform notes in this field. The Notes field supports Markdown, which may be previewed by clicking Preview Markdown .
• Click the SAVE button to create the Case.

After a Case is created, you can view it by clicking its Case card or selecting its entry in the table on the Cases screen.

Adding Artifacts

You can add Artifacts to a new Case when you create it. On the New Case drawer (Figure 1), click the ADD ARTIFACT button. The New Case drawer will display fields for entering an Artifact (Figure 2).

• Type: Select the type of Artifact to add to add to the Case. Note that you can click on the dropdown menu and enter the Artifact type in the search bar to narrow down the available selections.
• Summary: This field dynamically adjusts to the Type of Artifact being added. It will display either a text field where a String can be added, a text field powered by a calendar where a Date can be selected, or an area where a File can be uploaded.
• Source: Enter a user name or other identifying information for the user entering the Artifact.
• Use to potentially associate cases.: Selecting this checkbox will cause Cases that include the Artifact to populate in the Cases section of the Potential Associations card. In other words, any Case that contains this Artifact will be considered to be potentially related to this Case because both Cases contain the same Artifact.
  Important

  The default setting for this checkbox may vary across Artifact types. Also, if a System Administrator has disallowed the Artifact from being used to potentially associate Cases, then selection of this checkbox will not have any effect.
• Click the CREATE button to create the Artifact and add it to the Case.

The newly created Artifact will be displayed in a table in the Artifacts section of the New Case drawer (Figure 3).

Click the ADD ARTIFACT button to add more Artifacts, if desired.

Editing an Artifact

To edit an Artifact, click the vertical ellipsis to the right of an Artifact (Figure 3) and select Edit. The New Case drawer will display fields with the contents of the Artifact (Figure 4).

• Make any desired changes to the Artifact.
• Click the CREATE button to save the changes.

Deleting an Artifact

To delete an Artifact, click the vertical ellipsis to the right of an Artifact (Figure 3) and select Remove. The Remove Artifact? window will be displayed. Click the CONFIRM button to delete the Artifact.

Creating a Case without a Workflow

To create a Case that is not based on a Workflow, click the New Case  button at the upper-right corner of the Cases screen. The New Case drawer will be displayed (Figure 1). Follow the instructions in the “Creating a Case from a Workflow” section to configure the information for the new Case, with the exception of the Workflow Template dropdown menu, which should remain set to the default value of None.

To view the Case after it is created, click on its Case card or select it from the table on the Cases screen. The Case and its contents will be displayed (Figure 5).

Cases created without Workflows do not contain predetermined Tasks or Phases. For instructions on adding Tasks to a Case, see Adding Tasks to a Case. All Tasks added to the Case will be compiled in one section, without any Phases (Figure 6).

Adding a Workflow After Case Creation

You can apply Workflows to a Case after creating the Case, but only before any Tasks have been added to the Case. From the screen in Figure 5, click the No Workflow area. The Assign Workflow window will be displayed (Figure 7).

• Select a Workflow from the dropdown menu.
• Click the ASSIGN button.

If the Case does not have an assignee, but the selected Workflow has a default assignee, the Keep Unassigned? window will be displayed (Figure 8).

• To keep the Workflow Case unassigned, click the KEEP UNASSIGNED button.
• To change the Workflow Case assignee to the default assignee of the Workflow, click the CHANGE TO <name of default assignee> button.

If the Case has an assignee, and that assignee is different from the default assignee of the selected Workflow, the Keep Current Assignee? window will be displayed (Figure 9).

• To keep the current Workflow Case assignee, click the KEEP <name of assignee> button.
• To change the Workflow Case assignee to the default assignee of the Workflow, click the CHANGE TO <name of default assignee> button.

The Phases and Tasks section of the Case will be populated with the configuration of the selected Workflow (Figure 10).

ThreatConnect^® is a registered trademark of ThreatConnect, Inc.

20122-03 v.04.A