Simulate cases

You can create a sample case by simulating a case populated with system default alerts. These simulated cases can be useful in staging environments or for demonstrations.

You can also create a new case, or import an existing case in JSON format with the suffix '.CASE', to use as a simulated case.

Simulate a case

To simulate a case, complete the following steps:

  1. In the Case queue header, click Add a Case, then select Simulate Cases.
  2. In the Simulate Cases dialog, select a case from the menu.
  3. Click Create.

Create a new case

To create a new case, complete the following steps:

  1. In the Simulate Cases dialog, click Add or import case, then click Add New Case.
  2. In the Add New Case dialog, enter the Source/SIEM Name, Rule Name (Rule Generator), Alert Product, Alert Name, Event Name, and optionally, Additional Alert Fields and Additional Event Fields.
  3. Click Save. Your new case appears in the Simulate Cases dialog menu.
  4. Select the case you added and click Create.
  5. Select the required environment and click Simulate. The new case appears in the queue.

Import a case to a JSON file

To import a case to a JSON file, complete the following steps:

  1. In the Simulate Cases dialog, click Add or import case, then click Import Case.
  2. Select the required case and click Open. The case is imported in JSON format.
