The Cases tab on the Managed Services page displays a list of open cases and their details. A case is automatically opened when there is a detection or suspicious activity in your Nebula console.
View and filter data
The following columns are available on the Cases tab:
- Alerts: Number of detections tied to the case.
- Assigned analyst: Analyst assigned to the case.
- Case name: Detection (DE) or Suspicious Activity (SA) followed by the endpoint name and path of the detection.
- Close reason: Reason the analyst closed the case.
- Closed at: Time the case was closed.
- Created at: Time the case was opened.
- Endpoint: Name of the device with the alerts.
- ID: ID number for the case.
- Priority: Urgency of the case.
- Stage: Current phase of the case.
- Status: Opened or closed case.
- Updated at: Last time the case was updated.
Click Add / Remove Columns to choose which columns to display.
Filter and sort data
Use the following features to filter and sort data on the Cases tab:
- Column pinning and auto-sizing: Next to a column header, click the filter button to display a checkbox list of sub-filters you can apply. Click the filter tab to pin or auto-size the selected column.
- Filter data: Click a column filter icon to narrow the results. When you click the filter icon, the filter list at the top of the screen shows which filters are applied. Click a filtered item to remove it, or click Clear Filters to remove them all. Use the filter feature on the ID column to search for a specific case.
Case details
Click on the ID of a case to review comments left by analysts regarding the case, respond to an analyst, and view additional details about the alerts related to a case.
Communications & History
The Communications & History tab of the case details slideout contains case activity, communications, and remediation instructions left by analysts.
Narrow down the results on this page by clicking on the icons to view specific events such as comments and status changes.
Alerts & Artifacts
A single case may contain multiple alerts, which can indicate several related malicious activities on a single endpoint. These alerts are grouped together for easier analysis. To view the alerts and linked items related to a case, click the Alerts & Artifacts tab. The Go to detection button next to each alert takes you to the specific detection or suspicious activity related to the case.
Questions on a closed case
If you have a question on a closed Managed Threat Hunting (MTH) case:
- Click Submit a Request.
- Enter the case number of the case you have a question on.
- Select a priority.
- Enter a description.
- Click Submit.
For product support questions with Nebula, open a ticket on the Support page of Nebula instead. See Manage support tickets in Nebula.