Events

Case-Hub Event-Queue

In Case-Hub, Any item in the Event Queue that you want to act on is considered an event. Events do not necessarily have to be connected to security, they could be network-related alerts, among others. Events serve as the primary action item for Analysts and Users of Case-Hub and will appear in the Event Queue as a card.

Event States

Events can exist in four different states to indicate where analysts are at in the triage process:

Status	Description
New	The default state for all new events (unless acted on by an Event Rule that overrides this status)
Open	Indicates that the event has been added to a case and is awaiting the analyst/client's input/review
Dismissed	State an event goes to when it has been automatically or manually dismissed
Closed	Indicates that the Event was worked in a case that has now been closed

Status

Description

New

The default state for all new events (unless acted on by an Event Rule that overrides this status)

Open

Indicates that the event has been added to a case and is awaiting the analyst/client's input/review

Dismissed

State an event goes to when it has been automatically or manually dismissed

Closed

Indicates that the Event was worked in a case that has now been closed

Previous09_CaseHub NextCases

Last updated 1 year ago