Alerts: Case list

The "Case List" shows a list of newly detected cases for each alert. Each row in the list is a case.

By default, cases are ordered by creation date. You can change the sort order by using custom columns, if the alert creator has defined any.

A case has a status that is either Open, In progress, Confirmed, or Dismissed. New cases have the Open status by default.

The list of cases can be filtered by status. For example, the image below shows the list of dismissed cases. We can also see who has changed the status of those cases.

You can also filter the list of cases by assignee. In the example below, we can see all the cases opened and assigned to the current user.

If a user has no cases assigned, their name appears greyed out in the list.

Within the list of cases, you can assign cases to users who have the right to process the alert.

To do so, you can select cases from multiple pages by checking the checkbox on the left of every row.

You can also select all the cases within a page by clicking the checkbox at the top of the list of cases.

Once cases are selected, you can assign them to a single user by clicking the "Assign" button.

To make a decision, you must investigate the case. Click the ID of a case to open the case view.

Download the alert case list information

From each alert's case list view, users can download an Excel file containing all the cases of the alert. This file contains information that enables analysts to monitor the team's activity, share it with colleagues, and answer questions they may have, such as:

  • How many cases are in which state?
  • How many cases are assigned per analyst?
  • How many cases does analyst X close per period?
  • What relevant information is associated with the cases?
  • How long does it take for a case to be closed?
  • How long does it take for a case to be closed by an analyst?

The file begins to download once the button is pressed. In the downloaded file, for each case, you will find its id, creation datetime, status, assignee username, assignee email, assigned datetime, dismissed or confirmed datetime, the name of the alert and of the folder the case belongs to, the columns, and the export datetime.
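
Several of the questions listed above can be answered with a short script over the downloaded file. The following is an added example, not part of the original manual: it assumes the sheet has been saved as CSV, and the header names and ISO 8601 datetime format are hypothetical and must be adapted to the real export.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: the Excel sheet saved as CSV. The header names and the
# ISO 8601 datetime format are assumptions; adjust them to the real export.
SAMPLE_EXPORT = """\
id,created,status,assignee_username,assigned,closed
101,2024-03-01T09:00:00,Confirmed,alice,2024-03-01T09:30:00,2024-03-01T13:00:00
102,2024-03-01T10:00:00,Dismissed,bob,2024-03-01T10:15:00,2024-03-02T10:00:00
103,2024-03-02T08:00:00,In progress,alice,2024-03-02T08:20:00,
104,2024-03-02T11:00:00,Open,,,
105,2024-03-03T09:00:00,Dismissed,alice,2024-03-03T09:10:00,2024-03-03T11:00:00
"""

CLOSED_STATUSES = {"Confirmed", "Dismissed"}


def load_cases(text):
    """Parse the export into a list of dicts, one per case."""
    return list(csv.DictReader(io.StringIO(text)))


def status_counts(cases):
    """How many cases are in which state?"""
    return Counter(c["status"] for c in cases)


def cases_per_assignee(cases):
    """How many cases are assigned per analyst? Unassigned cases are skipped."""
    return Counter(c["assignee_username"] for c in cases if c["assignee_username"])


def hours_to_close(cases):
    """Mean hours from creation to closure, overall and per analyst.

    Cases still Open or In progress have no closing datetime and are ignored.
    """
    per_analyst = defaultdict(list)
    for c in cases:
        if c["status"] not in CLOSED_STATUSES or not c["closed"]:
            continue
        delta = datetime.fromisoformat(c["closed"]) - datetime.fromisoformat(c["created"])
        name = c["assignee_username"] or "(unassigned)"
        per_analyst[name].append(delta.total_seconds() / 3600)
    all_hours = [h for hours in per_analyst.values() for h in hours]
    overall = sum(all_hours) / len(all_hours) if all_hours else None
    return overall, {a: sum(h) / len(h) for a, h in per_analyst.items()}
```

Because closure time is measured from the creation datetime, cases that sat unassigned for a long time raise the per-analyst average; use the assigned datetime instead to measure analyst handling time only.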