Case-Templates

Case Templates serve as a valuable tool for adding structure to your investigations. They provide a quick and easy way to ensure that each time a Case is opened, it adheres to a predefined process.

Creating Case Templates

Navigate to the "Case Management (Cases)" page from the dashboard.
Change to the "Case Templates" tab and click "New Case Template".
Enter the template details like Title, Description, TLP, Severity, Tags, and click Next
Click + icon, add the appropriate template tasks that will be assigned to cases and worked on by analysts.
Review the Template Details, Tasks, and click Create.

Template Creation Fields

Case Template Fields

Info

Organization

Select the appropriate Organization from the drop-down list. Unless you are leveraging the multitenancy function of Reflex, you may only have one option available here.

Case Title and Description

Provide a title and description for your Case Template to make it easier to locate and utilize. For example, the Case Template title of Phishing could have a description. This Case Template can be used for investigating potential phishing attacks.

TLP

Define the to identify the sensitivity level of information contained in these types of cases.

RED: Not for disclosure, restricted to participants only

AMBER STRICT: Limited disclosure, restricted to participants’ organization

AMBER: Limited disclosure, restricted to participants’ organization and its clients

GREEN: Limited disclosure, restricted to the community

CLEAR: Disclosure is not limited

Severity

Define the severity level you want to be associated with these types of cases

Tags

Provide any additional tags that you would like to have included in the template

Tasks

Tasks can be created as part of the Case Template to define what steps an analyst should complete in order to conduct a proper investigation.

PreviousCases NextEvent-Rules

Last updated 1 year ago