Creating a Case Set

Accessing the Case Set Wizard

You can initiate the Create a Case Set wizard (opens on Select Assets tab) from various locations within Axonius:

• The Case Sets page:

  • Navigate to Case Management>Case Sets and click Create Case Set.

• The Create Case drawer:

  • Click Advanced Options at the bottom of the Create Case drawer.

• Enforcement Actions (Create/Edit Enforcement Set drawer):

  • For a Create Incident or Ticket (category) enforcement action, in the Select Action tab, click Link with a Case.
  • For a Create new case enforcement action, in the Select Action tab, click Link with a Ticket.

• The Findings Center:

  • Run the Create Case action on a selected Finding in the Findings table.

• Workflow Actions:

  • For a Create new case Workflow action, in the Action Setup pane, click Link with a Ticket.
  • For a Create Incident or Ticket Workflow action, in the Action Setup pane, click Link with a Case.

Creating a Case Set Using the Wizard

The Create a Case Set wizard guides you through six steps: Select Assets, Configure Tickets, Configure Case, Add Actions, Schedule Plan, and Additional Conditions.

📘

Note

Axonius auto-fills fields with default values where possible. Required fields are marked with an asterisk (*).

To create a Case Set using the Create a Case Set wizard

1. Step 1 - Select Assets:Choose the assets for the Case Set and optionally assign a unique name and description.
2. Step 2 - Configure Case:Create and configure an Axonius Case to handle the ticket(s) created in the Configure Tickets step.
3. Step 3 - Configure Tickets (optional):Select and configure a Create Incident/Ticket Enforcement action to open tickets with the desired third-party vendor.
4. Step 4 - Add Actions (optional):Select and set up follow-up actions to occur after the Case and ticket creation.
5. Step 5 - Schedule Plan (optional):Schedule a one-time or recurring run of the Case Set based on your desired schedule plan.
6. Step 6 - Additional Conditions (optional):Set any additional conditions for triggering the Case Set.

Selecting the Assets

In this first step, Select Assets (see above screen), you define which assets the Case Set applies to, similar to how you select assets for an Enforcement Set.

This first step, Select Assets (see above screen), is where you define the scope of the Case Set, determining which assets the automation will monitor and act upon. This process is similar to how you select assets for an Enforcement Set.

Required Configuration You must select the asset type (e.g., Devices, Users, or Software) and the specific query that identifies the assets needing remediation or action.

Optional Configuration While defining the assets, you can also set identifying details for the Case Set itself.

• Assign a unique, custom Name to your Case Set for better identification, replacing the default name (e.g., Case Set_nnn).
• Provide a description for your new Case Set by clicking + Add description and in the box that opens, typing a Description.

📘

Note

• Once the Case Set is saved, you cannot modify its name or change the asset type (e.g., Devices, Users, Software) that the query runs on.

• After selecting the asset type and query, the Query Preview automatically displays:

• The Query Count - the number of assets that meet the query criteria.

• The ratio of matching assets Out of Total number of assets.

• If the configured query currently yields zero results, the Case Set can be saved. However, no Case Set will be created until assets matching that query appear in the system.

Configuring Tickets

The second wizard step - Configure Tickets is where you can optionally link tickets to the Case. To do so, toggle on Link ticket to the case.

Once enabled, select an existing Create Incident or Create Ticket enforcement action. Then, configure its Required Fields and optionally, its Additional Fields. Any new tickets generated by the selected third-party Enforcement Action will be automatically associated with the Axonius Case.

📘

Note

For Enforcement Actions that create a ticket per asset, multiple tickets may be created per Case. For others, a single ticket is created per Case.

To select the third-party vendor for the ticket and configure its fields

1. From the Select Vendor and Action dropdown, select an enforcement action that opens tickets at your desired third-party vendor.

2. The configuration screen of the selected Create Incident and Ticket enforcement action opens. It has a tab for Required Fields and one or more tabs for additional optional fields divided into categories - one tab per category, to the right of the Required Fields tab. If there is only one category, the tab is labeled Additional Fields.

3. In the Required Fields tab:

   • If you want to configure dynamic values for this action, toggle on Configure Dynamic Values and Define the statement using the Dynamic Value Statement Wizard or the Syntax Helper with Autocomplete feature(the default; see screen below). For more details on statement syntax, refer to Creating Enforcement Action Dynamic Value Statements.

   • If you want to use stored credentials from the adapter associated with the Enforcement Action, toggle on Use stored credentials from adapter-name adapter.

     

4. Fill in the remaining Required Fields for the Main Action. To learn more about each Enforcement Action and its required fields, navigate to the Enforcement Action documentation via the Enforcement Action Index.

5. Click each additional tab and provide values for the optional fields that you want to use. Refer to the Enforcement Action Index for details on each field of every Enforcement Action.

Configuring the Case

The third wizard step, Configure Case, is where you create and configure an Axonius Case to handle the ticket(s) created in the Configure Tickets step of the Case Set.

The Required Fields and Additional Fields for Cases in Binging Sets are similar to those for standard Cases. In Case Sets, these fields are organized into tabs, whereas the Create Case drawer presents these fields on one screen. Learn how to fill in these Case fields.

Configuring the Schedule Plan

Axonius supports scheduling a Case Set to run at specified times and under certain conditions. Scheduling criteria are available in step 5 of the wizard, Schedule Plan.

The scheduling criteria for Case Sets are similar to those for Enforcement Sets. Learn more on how to configure each schedule plan.

Configuring Additional Run Conditions

The sixth wizard step, Additional Conditions, is where you can set further conditions for triggering the Case Set. You can add as many conditions as required.

The additional run conditions for Case Sets are similar to those for Enforcement Sets. Learn more about how to configure additional run conditions.