Case Management Overview
- Updated on 28 Oct 2024
Cases (similar to "in-house tickets") enable you to resolve issues of certain types from within Axonius, instead of opening a ticket in a third-party system.
Case is an internal module type, similar to Activity Logs.
You can create Cases based on the following:
Queries - From the Case Management page, you create Cases based on simple queries.
- You can use Axonius queries to identify problems or anomalies in the system that require fixing. For example, 'Devices that have not been seen in the last 30 days' or 'Running GCP Instances Not Covered by an Endpoint Protection Tool (AX)'.
- When you identify problematic assets using a Query, you can create a Case in Axonius to deal with the problem, assign the Case to a relevant User for remediation, and then manage the Case and track its progress until all assets with the issue are resolved.
- You can link a Case to any type of asset query in a many-to-many asset-case relation. You cannot link a case to an internal module query, such as Adapters Fetch History.
Finding Rules - From the Findings Center, you create Cases based on Findings Rules.
- You create the Case either from an Alert triggered by a rule (in the Alerts table) or from a Finding Rule (in the Rule Management table).
You can manage all Cases in the system from one central location - the Case Management page.
Case Management Use Cases
Asset Management
- Case Title: Install Tanium on all devices
- Query: Devices without Tanium installed
- Assignee: IT expert
- Due date: February 18th, 2024
Problem Space
A query running in Axonius shows that many devices do not have Tanium installed, which puts these devices at security risk. You want the IT expert in your organization to take care of this by the end of the week.
Solution
Create a Case, link it to this query, assign the case to an IT expert, and set a due date to complete the task. You can link additional queries or Enforcement Sets to the Case, and notify users via email about the new Case assigned to them. Once the Case is saved, you can track its progress. Each time the IT expert installs Tanium on a device, the green progress bar advances.
Benefits
There is no need to open a ticket/incident with a third-party vendor for classic asset management use cases such as this one.
Vulnerability Management
- Case Title: Remediate Java 10 exploit
- Query: Devices with vulnerabilities CVE-123, CVE-124, CVE-125
- Assignee: Jane Smith
- Due date: April 6th, 2024
- Linked remediation: Update Java version to 12
Problem Space
A query running in Axonius shows many devices with vulnerabilities CVE-123, CVE-124, and CVE-125. You want a worker in your organization to remove these vulnerabilities from these devices by the end of the week.
Solution
Create a Case, link it to this query, assign the Case to Jane Smith, and set a due date to complete the task. You can link an Enforcement Set that is designed to upgrade Java on devices to version 12, which should reduce the number of vulnerabilities. Once the Case is saved, you can track its progress.
Benefits
There is no need to open a ticket/incident with a third-party vendor for classic vulnerability management use cases.