Creating a case

After security issues are identified and the level of remediation requirement is assessed, organizations must follow a remediation management process to address and manage the issues. You can create cases to remediate identified issues that are found on the assets.

Before you begin

  • Customize the Case Management application settings. For more information, see Customizing settings in Case Management.
  • In Case Management, complete the following steps before you assign a group to a case in Risk Manager and to view all the cases with Default role.
    1. On the home page, click the Menu icon.
    2. In the Application settings section, click Case Management > Permissions and access.
    3. Click the Roles tab.
    4. Click Default Role under Global roles.
    5. In the Administration and Customization Permissions section, select Groups and Ability to view and modify.
    6. In the Incident Permissions section, select View Incidents and Edit Incident.
    7. Click Save.

About this task

A case is an incident or event in which data or a system might be compromised. Application users or systems that are integrated with the application can create these cases. You can then act on the case and monitor its status from the start to the resolution. For more information, see the Case Management documentation.

Risk Manager is integrated with the Case Management application for creating cases to manage remediation action plans for the identified issues. Risk scores of assets are reflected based on the remediation actions that are implemented. The cases that you created are managed in the Case Management application to track them to closure.

Only the Case Management administrator can access and interact with all the cases. Administrators can define your role, which determines how you interact with cases. You might be able to access all cases or specific cases based on the assigned role.

Procedure

  1. On the home page, click the Menu icon.
  2. In the My applications section, click Risk Manager > Manage assets.
  3. Select the assets for creating a case according to your business needs. You can select up to 30 assets.
  4. Click Add assets to new case to create a case.
  5. On the Create case window, set the following options.
    Option Description
    Case name Specify a name for the case.
    Case severity Specify a severity for the issue, for example, High, Medium, or Low.
    Description Provide the case description.
    Incident type Select an appropriate incident category type from the list.
    Assigned to Select the group to which you want to assign the case.

    Ensure that Groups is selected for Default Role in the Case Management application.
    Remediation for Select the type of control that you want to implement from the list.
    Vulnerability severity If you select Vulnerabilities from the Remediation for list, you can select an appropriate severity level.
  6. Click Create case.
    A success window is displayed with the case ID.
  7. Click the case ID link to view case details in the Case Management application.

What to do next

Use the Case Management application to manage and track status of the case. You can edit status, phase, and owner name of a case in Case Management. To view the updated status in Risk Manager, you must use the following steps.
  1. On the Manage assets page, click the asset name for which a case is created.
  2. On the General information window, click View full details.
  3. Click the Cases tab to view the updated status.
  4. Click the arrow Arrow icon icon to view details in the Case Management application.