Views:
Case Viewer allows you to see and manage all your cases from Case Management at any time, in any of the Trend Vision One screens.
Click caseMgmtIcon=1a3ab1a4-fa04-4de8-a398-a4afc497db32.png to open and minimize Case Viewer.
Important
Important
Your organization can upload up to 1 GB of attachments. This limit applies to all cases opened within the organization.
The following table outlines the actions available in Case Viewer.
Action
Description
Show and hide Case Viewer
  • Click Case Viewer icon to show the last case you viewed.
  • Click Hide icon to hide Case Viewer.
View the case list
Click the list icon (listIcon=7c3116b8-7ab2-4238-b375-4245e4aa864d.png) to view available cases and select the case you want to work on.
View case information
Click (Case information icon) to display and update information about the case.
Change the name or description
  1. Click (Case information icon) .
  2. Click Modify under the Name or Description.
  3. Edit the name or description.
  4. Notify others of the change:
    1. Select Send case notification to other email addresses.
    2. Enter one or more email addresses.
  5. Click Modify.
View an associated item
  1. Click (Case information icon).
  2. Click the ID under Associated Items to display an associated item in a new tab.
Change the case status
  1. Click (Case information icon).
  2. Select a Status to update the progress of the case.
Set the case findings
  1. Click (Case information icon).
  2. Select an option to update the Findings of the case:
    • True positive: The investigation confirmed the occurrence of threats or malicious activities.
    • False positive: No malicious activity found.
    • Benign true positive: The investigation confirmed the presence of a genuine threat that poses no risk to the organization.
      Benign true positives are the result of penetration tests or other legitimate activities in your environment.
    • Noteworthy: Trend Vision One detected unusual activity that requires more investigation.
    • -: The investigation has no findings.
Change the case priority
  1. Click (Case information icon).
  2. Select the Priority.
Assign owners
  1. Click (Case information icon).
  2. Click Assign owners to assign accounts within your organization to the case.
Add a workspace to a Forensics case
  1. Click (Case information icon).
  2. Click Create Forensics Workspace to add a new workspace as an associated item.
Open a related case
Related cases are independent subcases that give you the flexibility to divide a complex investigation into small subcases. Related cases supply more information for the main case.
  1. Click (Case information icon).
  2. Click Open related case to link a new case.
  3. Enter case information. See Trend Vision One cases.
View a related case
  1. Click (Case information icon).
  2. Click the related case ID to view a linked case.
Generate an investigation report
Important
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
If you enabled generative AI in Trend Companion select a case name to open the case details, then go to Three dots iconGenerate investigation report.
Trend Companion generates a threat investigation and remediation report for the case, which you can preview, edit, and download by going to Dashboards and ReportsReports.
This action is only available for Workbench cases with a “True positive” finding.
Create a case summary
Important
Important
This is a pre-release sub-feature and is not part of the existing features of an official commercial or general release. Please review the Pre-release sub-feature disclaimer before using the sub-feature.
If you enabled generative AI in Trend Companion select a case name to open the case details, then go to Three dots iconSummarize case.
Trend Companion summarizes all the notes created in the case since last time a summarized progress note was created. Summarized progress notes are helpful when transferring a case to a new owner.
Update impacted endpoints
Click Update Forensics Workspace to update the workspace with impacted endpoints.
If the case no longer includes an endpoint, Trend Vision One does not automatically remove the endpoint. You can manually remove any impacted endpoints from the workspace.
Add notes to the case
  1. Type any notes in the box.
  2. Click Send icon to add the entry.
Add attachments to case
  1. Click (Case information icon).
  2. Click the three dots at the bottom of the case, and then click Add attachments.
  3. Select a file to attach and click Open.
  4. To add more files, click Add File.
  5. If needed, add notes about the attachments in the Comments field.
  6. Click Save.
Edit an entry
  1. Point to the entry to display the icons.
  2. Click Edit icon.
  3. Type any comments or notes.
  4. Click Save.
Delete an entry
  1. Point to the entry to display the icons.
  2. Click Delete icon.
  3. Click Delete.
Return case to MDR team
Important
Important
This option is only available for MDR cases.
After solving all the situations that required your attention, click Return case to MDR team.
After returning a case to the managed XDR team, you can continue adding notes to provide more information.