Cases

A case is the investigation workspace in Energy SOAR. It holds tasks, observables, a timeline, analyst notes, TTP mappings, and a discussion channel. Cases are created from alerts or manually, and can be shared with other organisations within the same instance.

This section covers the cases list and case detail view, working with observables and running analyzers, sharing cases across organisations, the related graphs view, the timeline, and the chat tab.

• Cases
• Working with Observables
• Sharing Cases
• Related Graphs
• Case Timeline
• Case Chat