Events

Case-Hub Event-Queue

In Case-Hub, Any item in the Event Queue that you want to act on is considered an event. Events do not necessarily have to be connected to security, they could be network-related alerts, among others. Events serve as the primary action item for Analysts and Users of Case-Hub and will appear in the Event Queue as a card.

Event States

Events can exist in four different states to indicate where analysts are at in the triage process:

Status

Description

New

The default state for all new events (unless acted on by an Event Rule that overrides this status)

Open

Indicates that the event has been added to a case and is awaiting the analyst/client's input/review

Dismissed

State an event goes to when it has been automatically or manually dismissed

Closed

Indicates that the Event was worked in a case that has now been closed

Previous09_CaseHub NextCases

Last updated 1 year ago