Open cases in Trend Vision One apps and manage your organization’s cases in Case Management.
The Trend Vision One section in Case Management (
) displays the cases opened by your organization's SOC team, IT operations team, or
risk manager. You can open Trend Vision One cases based on incidents, events, and alerts directly
within Trend Vision One apps. Apps that currently support opening Trend Vision One
cases include:
-
Security Playbooks (using the Automated Response Playbook)
-
Cyber Risk Exposure Management
-
Workbench
![]() |
ImportantCase Management automatically closes Trend Vision One cases that are inactive for
60 days. Learn more.
|
The following table outlines the options available in
.
Action
|
Description
|
||
Filter case data
|
Use the available menus to locate specific cases.
|
||
Change the case status
|
Select one or more cases and click Change Status to update the progress of the case.
For cases created in Cyber Risk Exposure Management, the case is automatically changed
to Closed when all associated risk events are remediated, accepted, or dismissed. If not all
risk events have been resolved, you may change risk event status when manually closing
the case.
|
||
Change the case findings
|
Select one or more cases and click Change Findings to update the findings of the case.
|
||
Change the case priority
|
Select one or more cases and click Change Priority to update the priority of the case.
|
||
Attach files to a case |
Click a case name to open the case details and click Attach Files.
Your organization can upload a maximum of one GB of attachment files across all cases
in Case Management.
|
||
Generate an investigation report
|
If you enabled generative AI in Trend Companion click a case name, then go to .
Trend Companion generates a threat investigation and remediation report for the case,
which you can preview, edit, and download by going to
.This action is only available for Workbench cases with a “True positive” finding.
|
||
Create a case summary
|
If you enabled generative AI in Trend Companion, click a case name, then go to .
Trend Companion summarizes all the notes created in the case since last time a summarized
progress note was created. Summarized progress notes are helpful when transferring
a case to a new owner.
|
||
Assign owners
|
Select one or more alerts and click Assign Owners to assign accounts within your organization to the case.
|
||
Change impacted assets
|
For cases created in Cyber Risk Exposure Management, you can select specific impacted
assets and move the assets to a different case or remove the assets from the case.
You can only move assets between cases involving the same risk event.
|
||
Open a sub case
|
Related cases are independent sub cases that give you the flexibility to divide a
complex investigation into small sub cases. Related cases supply more information
for the main case.
Locate a case, click the options icon (
![]() |
||
Add a Forensics workspace to a sub case
|
Locate a Forensics case and click Create Forensics Workspace.
The new Forensics workspace is automatically added to the related case as an associated
item. All endpoints that are part of the impact scope of a Workbench alert/insight
are added to the workspace.
|
||
Enable integration with ServiceNow
|
Click the settings icon (
![]() Integrate with ServiceNow to send Case Management tickets to ServiceNow ITSM to be
managed in the ServiceNow portal. Only Workbench cases created from Automated Response
Playbooks are supported.
|
||
Edit additional notifications
|
For cases created in Cyber Risk Exposure Management, click Edit under the additional notifications information to specify webhooks or email addresses
to use when sending notifications about the case. Configure webhooks in Notifications.
|
For actions available when opening a case, see