Validating case creation in Case Management

Alert data is analyzed and case candidates are sent to Case Management. Case Management checks for existing cases with matching attributes and either deduplicates the incoming case candidate by merging it to the oldest matching case, or by creating a new case if there is no existing case with matching date.

Procedure

  1. Search for case creation. For more information, see Correlation.
  2. If your cases do not show any case creation on deduplication events, you can use search across all cases in your account to check if case creation and deduplication events are occurring for incoming case candidates from. For more information, see Validating case creation and deduplication events.