# 09\_CaseHub

## Overview

With BluSapphire Case-Hub, SOC operations can be automated through a streamlined workflow that minimizes manual work and prioritizes critical security incidents. This ensures that complex security responsibilities are handled and responded to efficiently.

### Features

**Events Rules:** Lets you automate certain operations, such as responding to events dynamically by dismissing them, merging them into cases, adding tags, or updating their severity.

**Cases:** You can create cases or merge multiple alerts into an existing case, and use Case Templates to keep track of your analyst's investigation of alerts.

**Intel Lists:** Allows you to create your own internal threat intelligence lists or poll from external sources, both of which will improve events and aid analysts in their investigations.

**Inputs Module:** To enable your SOC to analyze events and alerts from the data lake (OpenSearch), you can create inputs. Inputs contain the configuration required to pull data from the backend.

**Reflex Query Language (RQL):** In Case-Hub, Event-Rules utilize RQL for querying event data. Analysts can automate event actions for the matched events by creating event query rules that involve mutators and expressions.


