The Cases tab on the Managed Services page displays a list of open cases and their details and is your primary source of communication with the Managed Detection and Response (MDR) team. A case is automatically opened when there is a detection or suspicious activity in OneView.
View and filter data
The following columns are available on the Cases tab:
- Alerts: Number of detections tied to the case.
- Assigned analyst: Analyst assigned to the case.
- Case name: Detection (DE) or Suspicious Activity (SA) followed by the endpoint name and path of the detection.
- Close reason: Reason the analyst closed the case.
- Closed at: Time the case was closed.
- Created at: Time the case was opened.
- Endpoint: Name of the device with the alerts.
- ID: ID number for the case. Filter by this column to find a specific case.
- Priority: Urgency of the case.
- Stage: Current phase of the case. Filter by this column for Customer Action Required to see which cases require your action.
- Status: Opened or closed case.
- Updated at: Last time the case was updated.
Click Add / Remove Columns to choose which columns to display.
Filter and sort data
Use the following features to filter and sort data on the Cases tab:
- Column pinning and auto-sizing: Next to a column header, click the General Menu button to display a checkbox list of different pinning and sizing options.
- Filter data: Click on a column filter icon to narrow the results. When you click the filter icon, the filter list at the top of the screen shows which filters are applied. Click on a filtered item to remove it, or click Clear Filters to remove them all. Use the filter feature on the ID column to search for a specific case.
Case details
Click on the ID of a case to review comments left by analysts regarding the case, respond to an analyst, and view additional details about the alerts related to a case.
Communications & History
The Communications & History tab of the case details slideout contains case activity, communications, and remediation instructions left by analysts. Narrow down the results on this page by clicking on the icons to view specific events such as comments and status changes.
Use the text field at the bottom of each case to ask questions or confirm steps were completed. This writes to the case wall and is recorded in the case history.
Alerts & Artifacts
A single case may contain multiple alerts, which can indicate several related malicious activities on a single endpoint. These alerts are grouped together for easier analysis. To view the alerts and linked items related to a case, click the Alerts & Artifacts tab. The Go to detection button next to each alert takes you to the specific detection or suspicious activity related to the case.
Questions on a closed case
If you have a question on a closed MDR case:
- Click Submit a Request.
- Enter the case number of the case you have a question on.
- Select a priority.
- Enter a description.
- Click Submit.
For product support questions with OneView, use the Support Cases option on the left navigation of OneView instead.