Case Viewer allows you to see and manage all your cases from Case Management at any time, in any of the Trend Vision One screens.
Click the case management icon to open and minimize Case Viewer.
Important
Your organization can upload up to 1 GB of attachments. This limit applies to all cases opened within the organization.
The following table outlines the actions available in Case Viewer.
Action
Description
Show and hide Case Viewer
  • Click Case Viewer icon to show the last case you viewed.
  • Click Hide icon to hide Case Viewer.
View the case list
Click the list icon to view available cases and select the case you want to work on.
View case information
Click (Case information icon) to display and update information about the case.
Change the name or description
  1. Click (Case information icon).
  2. Click Modify under the Name or Description.
  3. Edit the name or description.
  4. Notify others of the change:
    1. Select Send case notification to other email addresses.
    2. Enter one or more email addresses.
  5. Click Modify.
View an associated item
  1. Click (Case information icon).
  2. Click the ID under Associated Items to display an associated item in a new tab.
Change the case status
  1. Click (Case information icon).
  2. Select a Status to update the progress of the case.
Set the case findings
  1. Click (Case information icon).
  2. Select an option to update the Findings of the case:
    • True positive: The investigation confirmed the occurrence of threats or malicious activities.
    • False positive: No malicious activity found.
    • Benign true positive: The investigation has confirmed the presence of a genuine threat that poses no risk to the organization.
      Benign true positives are the result of penetration tests or other legitimate activities in your environment.
    • Noteworthy: Unusual activity that requires more investigation has been detected.
    • -: The investigation has no findings.
Change the case priority
  1. Click (Case information icon).
  2. Select the Priority.
Assign owners
  1. Click (Case information icon).
  2. Click Assign owners to assign accounts within your organization to the case.
Add a workspace to a Forensics case
  1. Click (Case information icon).
  2. Click Create Forensics Workspace to add a new workspace as an associated item.
Open a related case
Related cases are independent subcases that give you the flexibility to divide a complex investigation into small subcases. Related cases supply more information for the main case.
  1. Click (Case information icon).
  2. Click Open related case to link a new case.
  3. Enter case information. See Trend Vision One cases.
View a related case
  1. Click (Case information icon).
  2. Click the related case ID to view a linked case.
Update impacted endpoints
Click Update Forensics Workspace to update the workspace with impacted endpoints.
If the case no longer includes an endpoint, Vision One does not automatically remove the endpoint. You can manually remove any unimpacted endpoints from the workspace.
Add notes to the case
  1. Type any notes in the box.
  2. Click Send icon to add the entry.
Add attachments to case
  1. Click the add icon to select the files.
  2. Select the file.
  3. If you have additional files, click Add File.
  4. If you need to remove an attachment, click Remove icon next to the file name.
  5. Click Save.
Edit an entry
  1. Point to the entry to display the icons.
  2. Click Edit icon.
  3. Type any comments or notes.
  4. Click Save.
Delete an entry
  1. Point to the entry to display the icons.
  2. Click Delete icon.
  3. Click Delete.
Return case to MDR team
Important
This option is only available for MDR cases.
After solving all the situations that required your attention, click Return case to MDR team.
After returning a case to the managed XDR team, you can continue adding notes to provide more information.