The Cases tab on the Managed Services page displays a list of open cases and their details and is your primary source of communication with the Managed Detection and Response (MDR) team. A case is automatically opened when there is a detection or suspicious activity in OneView. Once a case is closed, it stays in the console for viewing and data retention for 1 year.
View and filter data
The following columns are available on the Cases tab:
- Alerts: Number of detections tied to the case.
- Assigned analyst: Analyst assigned to the case.
- Case name: Detection (DE) or Suspicious Activity (SA) followed by the endpoint name and path of the detection.
- Close reason: Reason the analyst closed the case.
- Closed at: Time the case was closed.
- Created at: Time the case was opened.
- Endpoint: Name of the device with the alerts.
- ID: ID number for the case. Filter by this column to find a specific case.
- Priority: Urgency of the case.
- Stage: Current phase of the case. Filter by this column for Customer Action Required to see which cases require your action.
- Status: Opened or closed case.
- Updated at: Last time the case was updated.
Click Add / Remove Columns to choose which columns to display.
Filter and sort data
Use the following features to filter and sort data on the Cases tab:
-
Column pinning and auto-sizing: Next to a column header, click the General Menu
button to display a checkbox list of different pinning and sizing options.
-
Filter data: Click on a column filter icon
to narrow the results. When clicking on the filter icon, the filter list at the top of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all. Use the filter feature on the ID column to search for a specific case.
Case details
Click on the ID of a case to review comments left by analysts regarding the case, respond to an analyst, and view additional details about the alerts related to a case.
Communications & History
The Communications & History tab contains the case activity, closure details, and messages from the analysts, including remediation steps, for example. Narrow down the results on this page by clicking on the icons along the top to view specific events such as comments and status changes.
Use the text field at the bottom of each case to communicate with analysts, ask questions or confirm steps were completed. These comments are recorded in the case history.
Alerts & Artifacts
A single case may contain multiple alerts, which means several detections of potentially malicious activities on a single endpoint or device. Artifacts are simply details that might be relevant to the detection, like the exact time, the IP address being reached, or the file path of the file that is involved.
These alerts are grouped together for easier analysis. You can view the multiple alerts and linked items by clicking on the Alerts & Artifacts tab. Each alert also has a Detection button that leads you to the specific detection or suspicious activity related to that case.
Questions on a existing case
If you have a question on an existing case MDR case:
- Click Submit a Request.
- Optionally, enter the case number of the case.
- Select a priority
- Enter a description
- Click Submit.
For product support questions with OneView, open a ticket from the Support page of OneView instead. For more information, see Your Support Portal account for OneView.
Return to Managed Detection and Response.