Cases

Cases are entries in an event-tracking system used to track, investigate, and resolve suspicious events in a workflow-type environment. When suspicious events occur, cases are created and assigned to users, who then investigate and resolve them based on enterprise policies and practices.

ArcSight has two ways to create and handle cases. First, it has its own complete case-management system. You can use this system to create new cases and assign them to specific groups and users, who are notified and receive the cases along with the relevant data associated with them. Those users can then act on the assigned cases, specifying the resolution or other actions taken, which are reported back and recorded in the ongoing or final resolution of the case.

In addition to using the built-in case management system that ArcSight provides, you can also integrate ArcSight with external case management systems such as Remedy. In that situation, adding a new case exports event information and brings up the forms of the external case management system for you to create and assign the case. The integration with an external case management system can also be customized so that case resolution is reported back and recorded.

Case attachments enable you to attach files, for example log files, to any case you are able to edit. You can also delete cases and attachments; if you delete a case, its attachment is deleted as well. When you add a file to a case, you can make it public or private. Private means that the attachment is never shared with other cases; public means that everyone has access to the latest edited version of that file. Sharing attachments makes it possible to share files that are common to many cases, such as a non-disclosure agreement.

For complete information on working with cases, see Case Management and Queries.