Customize the Close Case dialog

Supported in:

In Google Security Operations, the Close Case dialog appears when you close a case. This dialog includes default parameters: Reason, Root Cause, and Comment. However, administrators can perform the tasks in this document to customize the dialog by adding new parameters or root causes to enhance case documentation.

Learn more about how to close cases.

Add a custom field

To customize the Close Case dialog with additional parameters, complete the following steps:

  1. Go to SOAR Settings > Case Data > Close Case.
  2. Click add Add Custom Parameters.
  3. Complete the common fields:
    • Name: enter a name for the new parameter.
    • Type: select the type of field you want to add from the Type menu:
      • Free Text: Enter a name for the field to let the analyst add specific details. For example, name the field Customer phone number, and the analyst can enter the relevant contact details.
      • Radio Button: Lets the analyst select one of two options. For example, to specify whether a case was resolved or needs escalation, in the Radio Button Content field, you can set the options as Mitigated or Escalated.
      • Single Choice List: Provides a list where the analyst selects one option. For example, to categorize the type of threat identified in a case, you can enter Malware, Phishing, and Insider Threat as the list options.
      • Multi Choice List: Offers a list to select multiple options. For example, to log actions taken during an incident, you might include options, such as Containment Measures Implemented, System Patches Applied, User Education Provided, Alerts Updated, or Access Revoked.
    • Default Value: Lets you set a default for the Close Case dialog. Leave the Default Value field blank if no option is pre-selected. To remove a default value you've set, select the Reset option.
    • Description: Lets you add a description to appear as a tooltip when you hold the pointer over the info next to the parameter in the Close Case dialog.

Add a New Root Cause

To add a root cause to the Root Cause menu, complete the following steps:

  1. Go to SOAR Settings > Case Data > Close Case.
  2. Click addAdd Root Cause. The Add Case Close Root Cause dialog appears.
  3. From the Reason list, select a reason, and enter relevant information in the Root Cause field.
  4. Click Add to save the root cause.

Need more help? Get answers from Community members and Google SecOps professionals.