Validating case creation and correlation events
If your cases do not contain case creation or correlation events, you can use search through all of the cases in your account to check if case creation and correlation events are occurring for incoming case candidates from QRadar platform.
Symptoms
Cases do not contain any case creation or case correlation events on the NewsFeed tab, which means that Case Management might not be taking actions on incoming case candidates.Diagnosing the problem
You can use the cases search to check if there are case creation or case correlation events for any of the cases in your account by specifically searching for milestones with case creation events.User response:
Search across all cases for case creation and correlation events.
To search, go to the list of cases by clicking Menu > My applications > Case Management and searching for case creation in
the Search in cases box, filtering the search by
Milestones.
There are two categories of results. Results with a title Case
creation event show results for cases that were created from QRadar platform case candidates. Results with the title
Case correlation event show results for case candidates that were merged to
existing cases. The following graphic shows an example with case creation and case correlation
events.
Resolving the problem
If there are no case creation or correlation events, it is possible that there is a problem occurring upstream in one of the other QRadar platform components.User response: Contact your administrator to identify and resolve the root cause of the problem.