Viewing case activity

You can view a newsfeed to see all activity on a case, including case creation and correlation events.

From a case, go to the Newsfeed tab to see activity updates for all activity on the cases. To view specific actions only in the news feed, click the Show Types menu and select an activity. The Summary section shows a summary of the case information.

The QRadar platform analyzes alert data and sends case candidates to Case Management. Case Management checks for existing cases with matching attributes and either correlates the incoming case candidate by merging it to the oldest matching case, or by creating a new case. Key case events for case creation events or correlation events are displayed on the NewsFeed tab. The following graphic shows an example of a case creation event, where a case was created based on the incoming case candidate.