The Details Drawer for Workflow Cases
  • 12 Jun 2024
  • 2 Minutes to read
  • Dark

The Details Drawer for Workflow Cases

  • Dark

Article summary


The Details drawer for a Workflow Case in ThreatConnect® provides a detailed overview of the Case, including its metadata, associations, Artifacts, and Notes. From this drawer, you can gather context about a Case and determine an appropriate course of action to take in your investigation.

For information on the Details drawer for threat intelligence data objects (Indicators, Groups, Tags, Tracks, Victims, and Victim Assets), see The Details Drawer.

Before You Start

User Roles

  • To access the Details drawer for Cases in an Organization, your user account can have any Organization role except App Developer.


  • To have access to Workflow Cases, turn on Workflow for your Organization on the Account Settings screen (must be an Accounts, Operations, or System Administrator to perform this action).

Accessing the Details Drawer for Cases

Currently, you can access the Details drawer for Cases in the following areas of ThreatConnect:

Details Drawer Layout

Figure 1 shows the Details drawer for a Case. Depending on where you are viewing a Case’s Details drawer in ThreatConnect, the drawer’s header will include some or all of the following elements:


Below the header, a Case’s Details drawer displays the following data in a read-only format:

  • Description: If a description has been entered for the Case, it will be displayed below the Details drawer header.
  • Assignee: The Case’s assignee. If the Case does not have an assignee, this section will not display a value.
  • Open Date: The date and time when the Case was opened.
  • Severity: The Case’s severity.
  • Resolution: The Case’s resolution. If a resolution has not been set for a Case, this section will display Not Specified.
  • Workflow Template: The Workflow applied to the Case. If a Workflow has not been applied to the Case, this section will not display a value.
  • Case Status: The Case’s status.
  • Tags: The Tags applied to the Case.
  • Associations: The Indicators, Groups, and Cases associated to the Case.
  • Potential Associations: The Indicators, Groups, and Cases suggested as potential associations to the Case.
  • Artifacts: The Artifacts added to the Case.
  • Notes: The Notes added to the Case.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.

20165-01 v.01.A

Was this article helpful?