The Cases tab in the Managed Detection and Response (MDR) portal displays open or active cases, their details, and is your primary source of communication with the MDR team. A case is automatically opened when there is a detection or suspicious activity in your OneView console. Filter and search cases on the left and select a case for a deeper understanding of activity within the case.
To access the Cases tab, click MDR Portal in the top-right of OneView. This is the default tab when launching the MDR Portal.
When selecting a case, the case title, ID number, and case creation date display along the top. Cases use the following naming scheme: Case type, endpoint name, entity or indicator of compromise, and if available, endpoint username.
Click the case overview icon next to the numbered tab for the Overview tab, which includes a summary of the entire case. Review any pending actions and view alerts from this tab.
Your MDR team uses the case wall to communicate any important information to you. Click Wall under the case overview icon to view this information. This tab is an audit for the entire case and lists all alerts, communications, activity from analysts, and remediation instructions. All communication and steps from the MDR team are listed on the case wall of each case.
Use the text field at the bottom of each case to ask questions or confirm steps were completed. Begin your message by typing @analyst, which alerts the MDR team of your comment. This writes to the case wall and is recorded in the case history. Filter the Wall tab by clicking on the icons to view specific events such as comments and status changes.
A single case may display multiple alert tabs. This can indicate multiple related malicious activities and are aggregated for ease of analysis. Click the numbered tabs next to the case overview icon to view alert-specific actions, events, and details. For additional details on all entities and events in the alert, click View More under the Entities Highlights and Events widgets.
Return to Managed Detection and Response.