Create new case
  • 06 May 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Create new case

  • Dark
    Light
  • PDF

Article summary

Create new case automates Case creation so that each time the Enforcement Set runs (per configured schedule) a new Case is created on the assets resulting from the query. Create a new Case for:

  • Assets that match the results of the selected saved query, and match the Enforcement Action Dynamic Value statement, if defined.
Note:
  • This Enforcement Action is not available to run on selected assets.
  • You can configure an Enforcement Set to create a Case only on the delta of assets returned from the current Enforcement Set query in comparison to those returned in the query in the previous Enforcement Set run, by selecting the Run on added entities only scheduling option. This is recommended so that an asset is processed one time only by a Case. Note that the Enforcement Set query is the Base Query of the Case.
  • Creating a Case using this Enforcement Action enables tracking, monitoring, and remediating similar assets that enter the system and are returned from the query over time.
  • To learn more about Cases, see Case Management Overview.

Each time the Enforcement Set runs, a new Case is created on the Case Management page for the assets that currently result from the saved query. You can view or edit the Case details and monitor its progress from the Case drawer.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

General Settings

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  • Case Title - Type a name for the Case. Recommended that it should be a meaningful name.
  • Type - From the alphabetically ordered dropdown list, select the Case type that best describes the issue: Application missing/installation, Data Breach Remediation, Groups Synchronization/Migration, IT - General, Other Cases, Reduce Attack Surface, Security - General, Upgrades, Vulnerability Remediation.
  • Priority (Default: P0) - From the dropdown, select the priority of the Case, i.e., the urgency of the Case. Available priorities: P0 (highest priority), P1, P2, P3, or P4 (lowest priority).


Additional Fields

These fields are optional.

  • Description - Type a short description of the Case.

  • Status (Default: To Do) - From the dropdown, select one of the following priorities: To Do, Backlog, In Progress, Done.

  • Due Date - Click Select Date to open a calendar from which to select the date and time (optional) that the Case is due, and then click Ok.

  • Assignee - From the dropdown, select one user only to take care of the Case. The dropdown list shows users only from your data scope. Clicking the adjacent trashcan icon clears the selected assignee.

    • You can postpone assigning a Case to a user to some time after Case creation.
  • Additional Queries - Select one or more optional queries to link to the Case.

    • From the Module dropdown, select an asset type, and from the Select Query dropdown, select an existing query for the selected asset type, or click + Add Query to create a new query (if this option is available for the module that you chose). To learn more about creating a new query, see Creating a New Query.
    • Click the + button to select an additional query. The Case does not track these queries. Clicking the adjacent trashcan icon deletes the added query.
    • You can hover over the selected Query and then click the View or Edit Query icon to verify the query or if necessary, edit the Query.
  • Linked Enforcements - From the Select Enforcement dropdown, select one or more Enforcement Sets to link to the Case. Click the + button to select each additional Enforcement Set to link. Clicking the adjacent trashcan icon clears the selected Enforcement Set.



For more details about other Enforcement Actions available, see Action Library.



Was this article helpful?