Create a manual case

You can manually create a case to enter specific data. This is useful when you need to ingest information on an alert; for example, information that was reported from sources that aren't integrated with your detection pipeline (for example, alerts reported from non-cyber channels). 

1. On the Cases page, click add Add  > Create Manual Case .
2. Enter the following case properties:
   • Case Title: Enter a title for the new case.
   • Creation Reason: Enter the reason for creating the case. 
   • Environment: Select the specific environment being monitored.
   • Assigned To: Assign the case to a specific role or user.
   • Priority: Set the priority level for the case.
   • Mark as Important: Click the Mark as important toggle on if the case should be flagged as important.
3. Click Next .
4. In the Alert step, enter the following alert information:
   • Alert Name: Enter a name for the security alert.
   • Occurrence Time: In the calendar, select the date and time the alert occurred.
   • SLA: Specify a date and time by which the SOC team should resolve the case.
5. Click Next . 
6. In Entities , select any required existing entities, as follows; you can:
• Add an existing entity or create a new one with a corresponding identifier.
• Mark an entity as suspicious (this highlights it in red).
7. Click Next . 
8. In Tags , select any existing tags, create new tags, or leave blank, according to your needs.
9. Click Next .
10. In Playbooks , select any relevant playbooks to be attached to the alerts.
11. Click Finish .