Create a manual case

You can manually create a case. When you create a case, you can enter specific data, which is useful for ingesting information on an alert; for example, information that was reported from non-cyber sources. 

  1. Click Add and select Create Manual Case.
  2. Specify the following case properties:
    • Case Title: Title for the new case.
    • Creation Reason: Type a reason for creating the case.
    • Environment: Select the specific environment being monitored.
    • Assigned To: Assign the case to a specific role or user.
    • Priority: Set a priority for the case according to the order of preference in which the case is to be handled.
    • Mark as Important: Click the toggle to mark the case as important or not important, as required.
  3. Click Next.
  4. In the Alert step, specify the alert information:
    • Alert Name: Enter a name for the security alert.
    • Occurrence Time: In the calendar, select the date and time the alert occurred.
    • SLA: Specify the date and time by which the SOC team commits to resolve the alert in the case.
  5. Click Next.
  6. In the Entities step, select any required existing entities. You can add an entirely new entity with a corresponding identifier. You can mark the entity as suspicious, which highlights it in red. You can also mark it as part of the organization's internal network.
  7. Click Next.
  8. In the Tags step, select any existing tags, create new tags, or leave the step blank, according to your needs.
  9. Click Next.
  10. In the Playbooks step, select any relevant playbooks to be attached to the alerts.
  11. Click Finish.