You can create a new Case to track, monitor, and remediate similar assets using either of the following methods:
- Manual creation (from the Case Management page) - Create a one-time Case based on a query defined at the time the Case is created. This method is described in this section.
- Manual creation (from the Findings Center) - Cases can also be initiated from within the Findings Center. This method is described here.
- Automated creation (from the Enforcement Center) - Configure a new Case using the Create new case enforcement action within an Enforcement Set. This automatically creates Cases based on the Enforcement Set's query (equivalent to the Base query in the first method) and schedule (Discovery Cycle or other defined schedule).
Each created Case runs on the assets returned by the query at the time the Case is created; these results usually change over time as assets are added to and removed from the system. There is also an option (recommended) to run the Enforcement Set on added assets only, i.e., to create a Case that runs on the delta of query results since the previous Enforcement Set run. This avoids processing the same assets multiple times. In this method, you can add an enforcement action from the Notify category to send an external notification that a Case has been created.
This section describes the first method of creating a one-time Case from the Case Management page.
Required Permissions
You require View user accounts and roles permissions to create a Case.
Learn more about how to manage Roles.
Creating a Case from the Case Management Page
When creating a new Case, you need to provide a name, select the issue type, and link it to a primary asset query (Base Query). You also have the option to:
- Set the Case priority, assign it to a relevant user, set a due date for resolving the Case, and more.
- Link additional related queries and/or Enforcement Sets to the Case, similar to linking data to a Jira or Zendesk ticket.
- Link a ticket to the Case to create a Case Set.
- Notify assignees or others via email about the new Case.
When you save a newly created Case, a list of assets currently matching the query is also saved. From that point on, Case Progress is calculated based on assets that leave the query due to reconciliation or remediation. You can manage the new Case alongside existing Cases from the Case Management page. You can also open the configuration of any Case to track its progress and change its status or any other field (except the Base Query). A Case can be closed when all initial assets (with the exception of assets that may be removed from the system over time) are remediated.
To create a new Case
- On the Case Management page, click Create Case. The Create Case drawer - Case tab opens.
- In the Case tab (open by default), configure the Case details.
- If you do not want to link tickets to the Case, click Create. The Case is added to the Case Management table.
  Note: The Create button becomes enabled only after you configure all required Case fields.
- If you want to link a ticket to the Case, click + Link Ticket. A new Create Ticket tab replaces the link. Link a ticket to the Case to create a Case Set.
Note: If you toggled on Set Email Notification (see Setting an Email Notification), all specified email recipients receive an email in the following format: "A new Axonius case has been assigned to you", followed by a link to the new Case and your custom message.
Configuring the Case
Under the Case tab (open by default), fill in the Case configuration details.
To configure the Case
- Fill in the Case information.
- Create the Base Query monitored by the Case.
- Optionally, create one or more additional Queries related to the Case.
- Optionally, link Enforcements to the Case.
- Optionally, set an email notification to inform the Case assignee (recommended) and others about the Case opening.
Filling in Case Information
This section explains how to complete the Case details, including Case Title, Type, Priority of the Case, Status, Due Date, and Assignee.
To fill in Case information
- In Case title (required), type a name for the Case.
- In the Description field (optional) that opens, type a short description of the Case.
- From the Type (required) dropdown list (alphabetically ordered), select the case type that best describes the issue: Application missing/installation, Data Breach Remediation, Groups Synchronization/Migration, IT - General, Other Cases, Reduce Attack Surface, Security - General, Upgrades, Vulnerability Remediation.
- From the Priority dropdown (required, default: P0), select the priority of the Case, i.e., the urgency of the case. Available priorities: P0 (default, highest priority), P1, P2, P3, or P4 (lowest priority).
- From the Status dropdown (optional, default: To Do), select one of the following statuses: To Do (default), Backlog, In Progress, Done.
- Enable Auto-Update status (the default) for the system to dynamically update the case status based on the progress, or disable it to allow manual status changes.
  - When Auto-Update status is enabled, the system automatically updates the case status based on the defined progress rules as follows:
    - When Case progress moves above 0%, To Do cases change to In Progress.
    - When Case progress reaches 100%, To Do and In Progress cases change to Done.
- Set the Case Due date (optional) to one of the following options:
  - No due date - No deadline is set for resolving the Case.
  - On - Set a specific due date. Click the calendar icon to open the calendar, select the due date and time (optional), and then click Ok.
  - After - Set the due date relative to the current date. In the first dropdown, select the number. In the second dropdown, select the unit of time: Hours, Days, Weeks, or Months.
- From the Assignee (optional) dropdown, select one user only to take care of the Case. The dropdown list shows users only from your data scope. Clicking the adjacent trashcan icon clears the selected assignee.
  - You can postpone assigning a Case to a user to some time after Case creation.
Creating the Base Query Monitored by the Case
When you create a Case from the Case Management screen, under Query type, the Simple Query button is enabled by default. This section describes how to define the base query that the Case will track.
When you create a Case from the Case Management screen, the Finding button is disabled. You can also create a Case from an alert or rule in the Findings Center.
To create the Base query monitored by the Case
- Under Query type - Simple Query, in the Base query (Required) section, from the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.
  * The Base Query can only be an asset query; not an internal module query, such as Adapters Fetch History.
  * Hover over the selected Query and then click the View or Edit Query icon to verify the query or, if necessary, edit it. The following screen shows the unclear admin status query drawer.
Creating Additional Queries
You can optionally configure additional queries that are related to the Case. The Case does not track the progress of these additional queries.
To configure additional queries
- Under Additional Queries (Optional), select one or more queries related to the Case.
  - From the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.
    * Click the + button to select an additional query.
    * Click the adjacent trashcan icon to delete the added query.
  - Hover over the selected Additional Query and then click the View or Edit Query icon to verify or edit the query (similar to Base Query above).
Linking Enforcements to the Case
You can optionally link one or more Enforcement Sets to the Case.
To link Enforcements to the Case
- Under Linked Enforcements (optional), from the Select Enforcement dropdown, select one or more Enforcement Sets to link to the Case.
- Click the + button to select each additional Enforcement Set to link.
- Click the adjacent trashcan icon to clear the selected Enforcement Set.
Setting an Email Notification
This section describes how to set an email notification about the creation of a new Case.
You can set email notifications only if email settings are configured under System Settings.
To set an email notification
- Under Email Notification, toggle on Set Email Notification (default: Disabled) to set up an email notifying about the new Case.
- In Email Recipients, type one or more email recipients, clicking Add for each additional recipient. It is recommended that at least one of these recipients should be the Assignee.
- In Custom Message, type text to be added to the body of the email.
Creating a Case Set
From the Create Case drawer - Create Case tab, you can link a ticket to a Case in either of the following ways:
- Quick one-time Case Set - Choose an Enforcement Action to create a ticket and then save the Case. This automatically generates a basic, one-time Case Set without using the Create a Case Set wizard.
- Advanced Recurring Case Set - Open Advanced Options to launch the Create a Case Set wizard, allowing you to configure scheduling and other advanced settings.
To unlink a ticket from the Case, click the X near the Create Ticket tab.
To create a single-run Case Set
This method creates a one-time Case Set immediately, linking a ticket to your Case.
- In the Create Case drawer, to the right of the Case tab, click + Link Ticket.
- In the Create Ticket tab, from the Select vendor and action dropdown, choose the Enforcement Set action for creating a ticket in a third-party vendor. Only the required fields for your selected Enforcement Action are displayed.
- Fill in all required fields to configure this Enforcement Set.
- Click Create Case Set. The newly created Case Set appears in the table on the Case Sets page.
Note:
- The Create Case Set button becomes enabled only after you configure all required Case and Ticket fields.
- From the Case Sets table on the Case Sets page, you can open this single-run Case Set to add scheduling and other advanced settings using the Create a Case Set wizard.
To create a recurring Case Set
This method uses the wizard to define a Case Set with comprehensive scheduling and other configurations from the start.
- In the Create Ticket tab, click Advanced Options. The Create a Case Set wizard opens.
- Create a Case Set using the Wizard. The Case Set appears on the Case Sets page.