The Cases tab in the Managed Detection and Response (MDR) portal displays open or active cases and their details, and is your primary source of communication with the MDR team. A case is automatically opened when there is a detection or suspicious activity in your Nebula console. Filter and search cases on the left and select a case for a deeper understanding of activity within the case.
To open a case in the MDR portal, refer to the Your Workdesk page. For more information, see Your Workdesk overview of Managed Detection and Response with Nebula.
For assistance with Nebula, open a support ticket in Nebula instead. See Manage support tickets in Nebula.
To access the Cases tab, click MDR Portal in the top-right of Nebula. This is the default tab when launching the MDR Portal.
Case details
When selecting a case, the case title, ID number, and case creation date display along the top. Cases use the following naming scheme: Case type, endpoint name, entity or indicator of compromise, and if available, endpoint username.
Case summary
Click the case overview icon next to the numbered tab for the Overview tab, which includes a summary of the entire case. Review any pending actions and view alerts from this tab.
Case wall
Your MDR team uses the case wall to communicate any important information to you. Click the wall icon next to the case overview icon to view this information. This tab is an audit for the entire case and lists all alerts, communications, activity from analysts, and remediation instructions. All communication and steps from the MDR team are listed on the case wall of each case.
Use the text field at the bottom of each case to ask questions or confirm steps were completed. Begin your message by typing @analyst, which alerts the MDR team of your comment. This writes to the case wall and is recorded in the case history. Filter the wall tab by clicking on the icons to view specific events such as comments and status changes.
Case alerts
A single case may display multiple alert tabs. This can indicate multiple related malicious activities, which are aggregated for ease of analysis. Click the numbered tabs next to the case overview icon to view alert-specific actions, events, and details. For additional details on all entities and events in the alert, click View Details under the Entities Highlights widget and View more under the Events tab.