Manage your organization’s cases by utilizing the options available in Case Management.

The Trend Vision One tab in Case Management displays the cases opened by your organization's SOC team.
Important
Your organization can upload up to 1 GB of attachments. This limit applies to all cases opened within the organization.
The following table outlines the options available in the Trend Vision One tab of Case Management (Workflow and Automation > Case Management).
Action
Description
Filter case data
Use the available dropdown menus to locate specific cases.
  • Status: The current status of a case.
    Available statuses:
    • Open
    • In progress
    • Closed
  • Findings: The findings of a case.
    Available values:
    • True positive: The investigation confirmed the occurrence of threats or malicious activities.
    • False positive: No malicious activity found.
    • Benign true positive: The investigation has confirmed the presence of a genuine threat that poses no risk to the organization.
      Benign true positives are the result of penetration tests or other legitimate activities in your environment.
    • Noteworthy: Unusual activity that requires more investigation has been detected.
    • -: The investigation has no findings.
  • Priority: The priority the owner assigned to the case.
    Available values:
    • P0
    • P1
    • P2
    • P3
  • Owners: The Trend Vision One accounts assigned to the case.
Change the case status
Select one or more cases and click Change Status to update the progress of the case.
Change the case findings
Select one or more cases and click Change Findings to update the findings of the case.
Change the case priority
Select one or more cases and click Change Priority to update the priority of the case.
Assign owners
Select one or more alerts and click Assign Owners to assign accounts within your organization to the case.
Important
Assigning owners has the following limitations:
  • For IdP-only SAML group users:
    • You can only assign users who have signed in and are still cached in Trend Vision One.
    • The User Accounts screen cannot list all users under the IdP-only SAML group.
  • IdP-only SAML groups and IdP-only SAML group users cannot get email notifications.
Open a sub case
Related cases are independent sub cases that give you the flexibility to divide a complex investigation into small sub cases. Related cases supply more information for the main case.
Locate a case, click the options icon at the end of the row, and click Open Related Case. The new case is automatically linked with the main case.
Add a Forensics workspace to a sub case
Locate a Forensics case and click Create Forensics Workspace.
The new Forensics workspace is automatically added to the related case as an associated item. All endpoints that are part of the impact scope of a Workbench alert/insight are added to the workspace.
Enable integration with ServiceNow
Click the settings icon in the upper-right corner and turn on the integration with ServiceNow.
Integrate with ServiceNow to send Case Management tickets to ServiceNow ITSM to be managed in the ServiceNow portal.