- 15 May 2023
Cases
- Updated on 15 May 2023
With Torq, security teams can automate case management: create, update, process, and resolve cases in response to security alerts, ensuring quick prioritization and handling. Torq cases are built on Torq's powerful no-code automation platform, so you and your team can fully automate the case lifecycle, exposing team members to less noise and letting them focus on high-priority items.
Torq cases are OCSF-compliant, flexible, and easily extensible to fit your organization's needs and, together with automation, can be used to orchestrate any analysis and remediation flows efficiently.
Key features
- Case timeline to summarize the course of the investigation.
- Automatically create, update, process, and resolve cases using Torq steps.
- Observables are first-class objects, meaning you can view the cases a single observable is associated with to discover relationships between seemingly unrelated events.
- Use events in the case lifecycle, such as adding a new observable or changing the severity, to trigger workflows that automate case management.
Cases page and filters
To view active or recently closed cases, go to the Cases page.
You can filter the cases by:
- Severity
- Assignee
- SLA time: the percentage of the SLA time already used.
- Category: case categories to show. Custom categories are also available.
- State: case states to show. Removing a state from this filter will change the page layout.