- 24 Nov 2024
Creating a New Case
- Updated on 24 Nov 2024
You can create a new Case to track, monitor, and remediate similar assets in the system, using any of the following methods:
- From the Case Management page, manually create a one-time Case to run on assets returned from a defined query at the time the Case is created. In this method, you click Create Case to open a Case drawer, configure the Case, and create it. This method includes the option to send an external notification informing that a Case has been created.
- From the Findings Center.
- From the Enforcement Center, automate Case creation by configuring a new Case using the Create new case enforcement action. When run, this Enforcement Set automatically creates a new Case on the Enforcement Set query (equivalent to the Base query in the first method) each Discovery Cycle or according to another defined schedule. Each created Case runs on the assets returned by the query at the time the Case is created; these results usually change over time as assets are added to and removed from the system. You can also run the Enforcement Set on added assets only (recommended), i.e., create a Case that runs on the delta of Query results since the previous Enforcement Set run, which avoids processing the same assets multiple times. In this method, you can add an enforcement action from the Notify category to send an external notification informing that a Case has been created.
This section describes the first method of creating a one-time Case from the Case Management page.
Creating a Case from the Case Management Page
For each new Case that you create, you need to give the Case a name, select the type of issue, and link it to an asset query (Base Query). Optionally, you can also set the following for the Case:
- Set the priority of the Case, assign the Case to a relevant user, set a due date for resolving the Case, and more.
- Link additional Queries and/or Enforcement Sets to the Case, in the same way that you would link data to a Jira or Zendesk ticket.
- Notify assignees or others via email about the new Case.
You require View user accounts and roles permissions to create a Case.
Learn more about how to manage Roles.
When you save a newly created Case, a list of assets currently matching the query is also saved. From then on, Case Progress is calculated based on assets that leave the query due to their being reconciled/remediated. You can manage the new Case together with already existing Cases from the Case Management page, and open the configuration of any Case to track its progress and change its status or any other field (except the Base Query). When all initial assets (with the exception of assets that may be removed from the system over the course of time) are remediated, you can close a Case.
To create a new Case
- In the Case Management page, click Create Case. The Create Case drawer opens.
- Optionally, create one or more additional Queries related to the Case.
- Optionally, link Enforcements to the Case.
- Optionally, set an email notification to inform the Case assignee (recommended) and others about the Case opening.
- Click Create. The Case is added to the Case Management table.
If you toggled on Set Email Notification (see above), all specified email recipients receive an email in the following format: "A new Axonius case has been assigned to you", followed by a link to the new Case and the custom message.
The Create button becomes enabled only after you configure all required Case fields.
Filling in Case Information
This section describes how to fill in Case details, including Case Title, Type, Priority of the Case, Status, Due Date, and Assignee.
To fill in Case information
- In Case title (Required), type a name for the Case. A meaningful name is recommended.
- In the Description field (Optional) that opens, type a short description of the Case.
- From the Type (Required) dropdown list (alphabetically ordered), select the case type that best describes the issue: Application missing/installation, Data Breach Remediation, Groups Synchronization/Migration, IT - General, Other Cases, Reduce Attack Surface, Security - General, Upgrades, Vulnerability Remediation.
- From the Priority (Required, Default: P0) dropdown, select the priority of the Case, i.e., the urgency of the case. Available priorities: P0 (highest priority), P1, P2, P3, or P4 (lowest priority).
- From the Status (Optional; Default: To Do) dropdown, select one of the following statuses: To Do, Backlog, In Progress, Done.
- In Due date (Optional), click the calendar icon to open a calendar from which to select the date and time (optional) that the Case is due, and then click Ok.
- From the Assignee (Optional) dropdown, select one user only to take care of the case. The dropdown list shows users only from your data scope. Clicking the adjacent trashcan icon clears the selected assignee.
  - You can postpone assigning a Case to a user to some time after Case creation.
Creating the Base Query Monitored by the Case
When you create a Case from the Case Management screen, under Query type, the Simple Query button is enabled by default. This section describes how to define the base query that the Case will track.
When you create a Case from the Case Management screen, the Finding Rule button is disabled. You can also create a Case from an alert or rule in the Findings Center.
To create the Base query monitored by the Case
Under Query type - Simple Query, under Base query (Required), from the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.
* The Base Query can only be an asset query; not an internal module query, such as Adapters Fetch History.
* Hover over the selected Query and then click the View or Edit Query icon to verify the query or, if necessary, edit it. The following screen shows the unclear admin status query drawer.
Creating Additional Queries
You can optionally configure additional queries that are related to the Case. The Case does not track the progress of these additional queries.
To configure additional queries
- Under Additional Queries (Optional), select one or more queries related to the Case.
- From the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query. To learn more about creating a new query, see Creating a New Query.
* Click the + button to select an additional query.
* Click the adjacent trashcan icon to delete the added query.
- Hover over the selected Additional Query and then click the View or Edit Query icon to verify or edit the query (similar to Base Query above).
Linking Enforcements to the Case
You can optionally link one or more Enforcement Sets to the Case.
To link Enforcements to the Case
- Under Linked Enforcements (Optional), from the Select Enforcement dropdown, select one or more Enforcement Sets to link to the Case.
- Click the + button to select each additional Enforcement Set to link.
- Click the adjacent trashcan icon to clear the selected Enforcement Set.
Setting an Email Notification
This section describes how to set an email notification announcing the creation of a new Case.
You can set email notifications only if email settings are configured under System Settings.
To set an email notification
- Under Email Notification, toggle on Set Email Notification (Default: Disabled) to set up an email announcing the new Case.
- In Email Recipients, type one or more email recipients, clicking Add for each additional recipient. It is recommended that at least one of these recipients should be the Assignee.
- In Custom Message, type text to be added to the body of the email.