Axonius Documentation
Start typing to search…

Creating a New Case

You can create a new Case to track, monitor, and remediate similar assets using one of the following methods:

  • Manual from the Case Management page - This method is described on this page. You create a one-time Case based on a specific query, and the system automatically creates a Case Set, which allows you to schedule the Case to run again later.
  • Manual from the Findings Center - This method lets you create a Case directly from the Findings Center.
  • Automated from the Enforcement Center - This method uses the Create new case enforcement action within an Enforcement Set to automatically generate Cases based on a predefined query (equivalent to the Base query in the first method) and schedule (Discovery Cycle or other defined schedule).

Running Cases on Added Assets Only

By default, each case runs on all assets that match its query at the time of creation. As your asset inventory changes, running a case on "added assets only" (the delta of new query results) is a recommended option to avoid processing the same assets multiple times.

To do this, simply select the Run on added entities only option under Additional Conditions when using the Create new case enforcement action or the Create A Case Set wizard.

Each created Case runs on assets resulting from the query that runs at the time that the Case is created, which usually changes over time as assets are added and removed from the system. There is an option (recommended) to run a Case on added assets only, i.e., run a Case on the delta of Query results since the previous Case run. When using the Create new case enforcement action or Create A Case Set wizard, you can do this by selecting the Run on added entities only option under Additional Conditions. This avoids processing the same assets multiple times.

Required Permissions

You require View user accounts and roles permissions to create a Case. Learn more about how to manage Roles.​​

Creating a Case from the Case Management Page

When you create a Case from the Case Management page:

  • A Create Case drawer opens for defining the Case details.
  • A Case Set is automatically opened for this Case, giving you the option to configure the Case (now or at a later time) to run automatically on a schedule. If you don't define a schedule, the Case Set is created anyway in the system, but the Case runs only once.

The Create Case drawer provides three tabs:

  • Case Configuration - In this tab, you define the Case details, such as its purpose, the query for the assets it will track, and other settings. Once you fill in the mandatory fields in this tab, you can create a one-time Case.

  • Select Schedule - In this tab, you set up a schedule for automatic running of the case. If you do not select a schedule, the Case runs once only.

  • Case Set Name - This tab is for naming the automation that manages this case. The system automatically assigns a default name to a corresponding Case Set. You can assign another unique name and also provide a description of what the Case does.

📘

Note

You can also click Advanced Options at the bottom of the Create Case drawer to navigate directly to the Create a Case Set wizard. In this case, a Case Set is added to the Case Sets table, but a Case is not added to the Cases table.

When you save a newly created Case, a list of assets currently matching the query is also saved. From that point on, Case Progress is calculated based on assets that leave the query due to their being reconciliation or remediation. You can manage the new Case alongside existing Cases from the Case Management page. You can also open the configuration of any Case to track its progress and change its status or any other field (except the Base Query). A Case can be closed when all initial assets (with the exception of assets that may be removed from the system over time) are remediated.

To create a new Case

  1. On the Case Management page, click Create Case. The Create Case drawer - Case Configuration tab opens.
  2. Fill in the required Case information.
  3. Optional: In the Select Schedule tab,automate the running of the Case.
  4. Optional: In the Case Set Name tab,rename the automatically created and named Case Set and add a description.
  5. Click Create Case. The Case is now added to the Case Management table, and its corresponding Case Set is added to the Case Sets table.
CreateCaseDrawer

Filling in Case Information

This section explains how to fill in the fields in the Case Configuration tab.

To fill in the Case information

  1. In the Case title (required), type a name for the Case.

  2. In the Description field (optional), type a short description of the Case.

  3. Select the base query to be monitored by the Case: Under Query type - Simple Query, in the Base query (Required) section, from the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.

    • The Query type is Simple Query, and is not selectable. When you create a Case from the Findings Center, Finding is enabled.
    • The Base Query must be an asset query; not an internal module query, such as Adapters Fetch History.
    • Hover over the selected Query and then click the View or Edit Query icon to verify it, or if necessary,edit the Query.
    VerifyQuery

  4. From the Type (required) dropdown list, select the case type that best describes the issue (e.g., Application missing/installation, Data Breach Remediation).

  5. From the Priority dropdown (required, default: P0), select the urgency of the case. P0 (highest priority) to P4 (lowest priority).

  6. From the Status dropdown (optional, default: To Do), select one of the following statuses: Backlog, To Do (default), In Progress, Done.

  7. Enable Auto-Update status (default: enabled) for the system to dynamically update the case status as progress is made.

    • When Case progress moves above 0%, To Do cases change to In Progress.
    • When Case progress reaches 100%, To Do and In Progress cases change to Done.
    • You can disable Auto-Update status for manual control.

  8. Set the Case Due date (optional) to one of the following options:

    • No due date - No deadline is set for resolving the Case.
    • On - Set a specific due date. Click the calendar icon to open the calendar, select the due date and time (optional), and then click Ok.
    • After - Set the due date relative to the current date. In the first dropdown, select the number. In the second dropdown, select the unit of time: Hours, Days, Weeks, or Months.

  9. From the Assignee (optional) dropdown, select one user only to take care of the Case. The dropdown list shows users only from your data scope. Clicking the adjacent trashcan icon clears the selected assignee.

    • You can postpone assigning a Case to a time after Case creation.

  10. Under Additional Queries (Optional), select one or more queries related to the Case.. The Case does not track the progress of these additional queries.

    • From the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.
      • Click the + button to select an additional query.
      • Click the adjacent trashcan icon to delete the added query.
      • Hover over the selected Additional Query and then click the View or Edit Query icon to verify or edit the query (similar to Base Query above).

  11. Under Linked Enforcements (optional), from the Select Enforcement dropdown, select one or more Enforcement Sets to link to the Case.

    • Click the + button to select each additional Enforcement Set to link.
    • Click the adjacent trashcan icon to clear the selected Enforcement Set.

  12. Toggle on Email notification (default: disabled) to inform about the Case opening.

    • In Email Recipients, type one or more email recipients, clicking Add for each additional recipient. It is recommended that at least one of these recipients should be the Assignee.
    • In Custom Message, type text to be added to the body of the email. In this method, you can add an enforcement action from the Notify category to send an external notification informing that a Case has been created.
📘

Note

  • You can set email notifications only if email settings are configured under System Settings.

  • If you toggled on Set Email Notification (see above), all specified email recipients receive an email in the following format: A new Axonius case has been assigned to you, followed by a link to the new Case and your custom message.

Configuring the Schedule Plan

The Select Schedule tab enables you to schedule the run of the automatically created Case Set directly from the Create Case drawer. You can set the schedule so that the newly created Case runs automatically at specified times and under certain conditions. Otherwise, the Case runs only once, and the Case Set defines a one-time Case.

To set a schedule plan in the Case Set

  1. Open the Select Schedule tab, and under Select a Schedule Plan, click On.
  2. In the dropdown, select the desired schedule. The scheduling criteria are similar to those for Enforcement Sets. Learn more about configuring each schedule plan.

Assigning a Case Set Name

When you begin the process of creating a new Case, the process of creating a Case Set for this new Case automatically begins. The Case Set is automatically assigned a name by the system. You can change this name and add a Description of what the Case aims to resolve.

To assign a Case Set name and description

  1. Open the Select Schedule tab.
  2. In Case Set name, give a unique name to your Case Set for better identification, instead of using the default name Case Set_nnn.
  3. Type a Description for your new Case Set.

Updated 1 day ago