Case Details
  • 06 Sep 2022
  • 4 Minutes to read
  • Dark
    Light

Case Details

  • Dark
    Light

Minimum Role: Organization role of Read Only User (for viewing the Case Details card and its contents); Organization role of Standard User (for adding and updating a Case’s Time of Occurrence, Time of Detection, Case Open Time, and Case Close Time; applying and removing Tags; and adding and updating a Case’s description)

Prerequisites: Workflow enabled by a System Administrator; a Workflow Case created in your Organization (see Creating Cases)

Overview

The Case Details card, located at the top right of a Workflow Case, displays important details about the Case, including time-based information related to the Case, Tags that have been applied to the Case, and a description of the Case. This article describes the elements included in the Case Details card, as well as how to update each element.

Case Details Card

Figure 1 shows an example of a Case Details card for a Workflow Case.

Note
To collapse or expand the Case Details card, hover the cursor anywhere in the card and click the arrow displayed at the upper-right corner of the card.

Graphical user interface, text, application, email  Description automatically generated

 

  • Time of Occurrence: The date and time when a security incident or threat occurred.
  • Time of Detection: The date and time when a security incident or threat was detected (e.g., by a security team).
  • Case Open Time: The date and time when the Case was opened.
  • Case Close Time: The date and time when the Case was closed.
  • Tags: A list of Tags applied to the Case. These are the same Tag objects used throughout ThreatConnect.
  • Description: A description of the Case.

The four time-based elements (Time of Occurrence, Time of Detection, Case Open Time, and Case Close Time) are used to calculate the Mean Time to Detection (MTTD), MTTD Average, Mean Time to Resolution (MTTR), and MTTR Average Cases metrics dashboard cards.

Time of Occurrence

Hover the cursor over the Time of Occurrence label to display a pencil A close up of a device  Description automatically generated icon. Click the icon to display a calendar (Figure 2).

Calendar  Description automatically generated

 

  • Select the desired date and time.
  • Click the checkmark A picture containing table  Description automatically generatedicon to save the Time of Occurrence for the Case.

To edit an existing Time of Occurrence, hover the cursor over the Time of Occurrence label, click the pencil A close up of a device  Description automatically generated icon, select the new date and time, and click the checkmark A picture containing table  Description automatically generatedicon.

Time of Detection

Hover the cursor over the Time of Detection label to display a pencil A close up of a device  Description automatically generated icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark A picture containing table  Description automatically generatedicon to save the Time of Detection for the Case.

To edit an existing Time of Detection, hover the cursor over the Time of Detection label, click the pencil A close up of a device  Description automatically generated icon, select the new date and time, and click the checkmark A picture containing table  Description automatically generatedicon.

Case Open Time

Case Open Time is set automatically when a Case is opened. If a Case is closed and re-opened at a later time, Case Open Time will reflect the date and time that the Case was first opened, not the date and time that it was re-opened.

You can edit Case Open Time, which is helpful in situations such as when a Case is opened on a Friday evening, but is not worked on until the following Monday. To do so, hover the cursor over the Case Open Time label to display a pencil A close up of a device  Description automatically generated icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark A picture containing table  Description automatically generatedicon to save the updated Case Open Time.

Note
A Timeline Event titled “Case Open Time Was Manually Changed” will be logged when you edit Case Open Time.

Case Close Time

Case Close Time is set automatically when a Case is closed. If a Case is closed and re-opened at a later time, Case Close Time will be reset. If the Case is closed again, Case Close Time will reflect the new date and time that it was closed.

While a Case is open, Case Close Time will not be set and cannot be edited. Once the Case has been closed, Case Close Time will be set and may be edited.

After a Case is closed, hover the cursor over the Case Close Time label to display a pencil A close up of a device  Description automatically generated icon. Click the icon to display a calendar, similar to the one in Figure 2. Select the desired date and time, and click the checkmark A picture containing table  Description automatically generatedicon to save the updated Case Close Time for the Case.

Note
A Timeline Event titled “Case Close Time Was Manually Changed” will be logged when you edit Case Close Time.

Tags

If no Tags are applied to a Case, a message stating No tags selected. Double click to add one. will be displayed in the Tags A picture containing triangle, tool  Description automatically generated section. Double-click in the Tags A picture containing triangle, tool  Description automatically generated section to apply Tags to the Case (Figure 3).

 

  • Enter the name of each Tag you want to apply to the Case. Note that you can apply a Tag by clicking the plus Icon  Description automatically generated icon or pressing the Enter key on your keyboard.
  • When finished applying Tags, click the checkmark A picture containing table  Description automatically generated icon to save all changes.

If one or more Tags are applied to a Case, hover the cursor in the Tags A picture containing triangle, tool  Description automatically generated section to display a pencil A close up of a device  Description automatically generatedicon next to existing Tags (Figure 4).

A picture containing icon  Description automatically generated

 

Click the icon to apply new Tags and remove existing Tags (Figure 5).

 

  • To apply a new Tag, enter the contents of the Tag and click the plus Icon  Description automatically generated icon or press the Enter key on your keyboard.
  • To remove an existing Tag, click the to the right of the Tag’s name.
  • When finished editing, click the checkmark A picture containing table  Description automatically generated icon to save all changes.

Description

Hover the cursor over the Description section to display a pencil  icon at the upper-left corner of the description box (Figure 6).

 

Click the pencil  icon to edit the description (Figure 7).

Graphical user interface, text, application, email  Description automatically generated

 

  • Make any desired changes to the Case’s description.
  • Click the checkmark  icon to save all changes.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20126-01 v.01.B


Was this article helpful?


What's Next