List of cases
The Cases page displays the cases that you have permission to view. The Cases page provides an overview of cases, but you can determine which information is shown by selecting the columns.
Go to the list of cases page by selecting Menu > My applications > Case Management, as shown in the following graphic.
To control the information that is displayed in the case list, click Customize columns on the right, and then check the columns that you want to view, and clear columns that you want to hide. You can also drag the columns to reorganize the information.
Automated case severity is based on a sum of the severities of its enriched artifacts and findings. When determining a case severity, each unique artifact and finding is counted only once.
As artifacts or findings are enriched with context, their severity is calculated based on the information provided by enrichment and threat intelligence services. The results of enrichment and threat intelligence services are weighted, based on performance over time. This weighting helps to prioritize when different sources report different severities for the same artifact.
Severity values map to the following levels:
- 10 is Critical.
- 7 to 9 is High.
- 4 to 6 is Medium.
- 1 to 3 is Low.
- Any value from 0 to -10 is Benign.
The correlation process is completed at the same time as enrichment. Findings are correlated during the correlation process, and their cumulative severity is determined.
Together, these combined factors are used to determine the automated severity of a case. The automated case severity can change if new alerts or findings are automatically correlated to the case, or if you run a new investigation.
The QRadar platform enriches artifacts and findings with context and other information, which helps to determine the severity of both the artifacts and the findings. Artifacts are used to determine the severity of findings. Multiple artifacts can be associated with one finding, so the severity of the individual artifacts has a cumulative effect on the overall severity of the finding. Also, each enrichment rule has its own severity, which affects the severity of the finding that it triggers.
The severity of a finding is the total of the severities of each of the unique artifacts associated with the finding.
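The following sketch is an added illustration, not QRadar code: it models the "count each unique artifact once" summation and the severity levels described on this page, so you can see why a repeated artifact does not inflate a score. The weighted average across sources, the clamp to the -10 to 10 scale, the artifacts-only case sum, and all names and sample values are assumptions made for the example.

```python
# Added illustration, not IBM QRadar code. The level bands come from this page;
# the weighted average and the clamp to -10..10 are assumptions of this sketch.
BANDS = [(10, "Critical"), (7, "High"), (4, "Medium"), (1, "Low")]

def label(score):
    """Map a severity score to the levels listed on this page."""
    for floor, name in BANDS:
        if score >= floor:
            return name
    return "Benign"  # 0 down to -10

def artifact_severity(verdicts):
    """verdicts: [(severity, source_weight), ...] from enrichment sources.
    Assumption: conflicting verdicts are reconciled by weighted average."""
    total = sum(weight for _, weight in verdicts)
    if total <= 0:
        raise ValueError("at least one positively weighted verdict is required")
    return round(sum(sev * weight for sev, weight in verdicts) / total)

def summed_severity(artifacts, severities):
    """Sum severities, counting each unique artifact once, then clamp
    to the -10..10 scale (assumption). Unknown artifacts raise KeyError."""
    score = sum(severities[a] for a in set(artifacts))
    return max(-10, min(10, score))

def case_artifacts(findings):
    """Flatten all artifacts attached to a case's findings (duplicates kept)."""
    return [a for artifacts in findings.values() for a in artifacts]

# Constructed sample data: documentation-range IP, reserved test domain, fake hash name.
SEVERITIES = {
    "203.0.113.7": artifact_severity([(5, 0.8), (1, 0.2)]),  # sources disagree -> 4
    "example.test": artifact_severity([(-2, 1.0)]),           # benign verdict -> -2
    "sample-hash-1": artifact_severity([(3, 1.0)]),           # -> 3
}
FINDINGS = {
    "F1": ["203.0.113.7", "example.test", "203.0.113.7"],  # same IP attached twice
    "F2": ["203.0.113.7", "sample-hash-1"],
}

if __name__ == "__main__":
    for fid, artifacts in FINDINGS.items():
        sev = summed_severity(artifacts, SEVERITIES)
        print(fid, sev, label(sev))
    flat = case_artifacts(FINDINGS)
    case = summed_severity(flat, SEVERITIES)
    naive = sum(SEVERITIES[a] for a in flat)  # what double counting would give
    print("case", case, label(case), "| double-counted sum:", naive, label(naive))
```

In this model the case scores 5 (Medium), whereas summing every occurrence of the shared IP would give 13 and push the case to Critical.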