Customize Selected Case Query

This topic explains how to add fields (columns) in the report query so that they are included in the case report. In this example, we will add the following fields:

Attack OS
Attack Impact
Attack Target

To customize Selected Case Query:

Copy Queries/Shared/All Queries/ArcSight System/Core/Selected Case Report/Selected Case Query into a custom query group of your choice and rename it, for example:
```
Queries/Shared/All Queries/Public/CW3 Selected Case Query
```
Keeping this copy in the Public node makes the query accessible to all.

Caution: You can change the copied query’s name, but keep the Query On = Case setting.
On the copied query’s Fields tab, click Add ‘SELECT’ columns to add fields, for example: Attack OS, Attack Impact, Attack Target, and more as required. Change the sort order as desired.

Note:

The Notes field is not available for this query.

If you need additional help on creating or editing queries, see Building a Query.

Next go to Customize Selected Case Report.

Micro Focus Security Community
All Documentation
Support
Education
Send Us Feedback

Close

We welcome your comments!

You can either:

Open an email window.

Or copy the information below to an email client and send the email to Documentation-Feedback@microfocus.com.

Help Topic ID:

Product:

Topic Title:

Feedback: