The Details Drawer for Workflow Cases
- 12 Jun 2024
- 2 Minutes to read
-
Print
-
DarkLight
The Details Drawer for Workflow Cases
- Updated on 12 Jun 2024
- 2 Minutes to read
-
Print
-
DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Overview
The Details drawer for a Workflow Case in ThreatConnect® provides a detailed overview of the Case, including its metadata, associations, Artifacts, and Notes. From this drawer, you can gather context about a Case and determine an appropriate course of action to take in your investigation.
Note
For information on the Details drawer for threat intelligence data objects (Indicators, Groups, Tags, Tracks, Victims, and Victim Assets), see The Details Drawer.
Before You Start
User Roles
- To access the Details drawer for Cases in an Organization, your user account can have any Organization role except App Developer.
Prerequisites
- To have access to Workflow Cases, turn on Workflow for your Organization on the Account Settings screen (must be an Accounts, Operations, or System Administrator to perform this action).
Accessing the Details Drawer for Cases
Currently, you can access the Details drawer for Cases in the following areas of ThreatConnect:
- the Search screen
- Threat Graph
- the Keyword Tracking & Results card on the Details screen for Intelligence Requirements (IRs)
Details Drawer Layout
Figure 1 shows the Details drawer for a Case. Depending on where you are viewing a Case’s Details drawer in ThreatConnect, the drawer’s header will include some or all of the following elements:
- The Case’s ID number and name.
- View case in new tab
: Click this icon to view the full details of the Case. - + Create Custom Report: The + Create Custom Report dropdown is available only when viewing a Case’s Details drawer on the Search screen. Click + Create Custom Report to display the following options:
- Create New: Select Create New to create a report for the Case that is not based on a report template.
- Create From Case Report Template…: Select Create From Case Report Template… to create a report for the Case from a saved Case report template. Then select a saved Case report template to use.
- Explore In Graph: The Explore In Graph button is available only when viewing a Case’s Details drawer on the Search screen. Click Explore In Graph to view the Case in Threat Graph.
Below the header, a Case’s Details drawer displays the following data in a read-only format:
- Description: If a description has been entered for the Case, it will be displayed below the Details drawer header.
- Assignee: The Case’s assignee. If the Case does not have an assignee, this section will not display a value.
- Open Date: The date and time when the Case was opened.
- Severity: The Case’s severity.
- Resolution: The Case’s resolution. If a resolution has not been set for a Case, this section will display Not Specified.
- Workflow Template: The Workflow applied to the Case. If a Workflow has not been applied to the Case, this section will not display a value.
- Case Status: The Case’s status.
- Tags: The Tags applied to the Case.
- Associations: The Indicators, Groups, and Cases associated to the Case.
- Potential Associations: The Indicators, Groups, and Cases suggested as potential associations to the Case.
- Artifacts: The Artifacts added to the Case.
- Notes: The Notes added to the Case.
ThreatConnect® is a registered trademark of ThreatConnect, Inc.
MITRE ATT&CK® and ATT&CK® are registered trademarks of The MITRE Corporation.
20165-01 v.01.A
Was this article helpful?
