Managing a case
How you manage a case depends on your role, the nature of the case, and the playbook in place. If you are a case owner or a member, you might be able to add and assign tasks, and create custom tasks.
As the case progresses, you might need to add or update case details, notes, attachments, artifacts and so on. You make these changes by editing the various tabs in the case.
You might also need to update information in data tables, which might be in the various tabs of the case. If the application is integrated with other security systems, you might be able to perform an action with that system directly from the data table. For example, when integrated with BigFix, you determine that a file listed in the data table needs to be deleted. From that row in the data table, you select the action for BigFix to delete that file from all computers.
If you manage cases involving Personal Information or Personal Data, enter the information in the Breach or Incident Breach Information tab to determine any potential notification obligations. The application maintains a database of breach notification statutes, regulations, trade organization bulletins, and guidance documents, including penalties where applicable. This allows the application to provide a summary of the reporting and notification requirements, automatically generate tasks, and update the case.
The IBM® Security QRadar SOAR application maintains a database of breach notification statutes, regulations, trade organization bulletins, and guidance documents, including penalties where applicable. This allows the application to provide a summary of the reporting and notification requirements, automatically generate tasks, and update the incident.
You might need to reassign cases and tasks depending on your team’s availability. You can do this directly from the Members tab in a case or task.