Create and update cases
  • 30 May 2023
  • 1 Minute to read
  • Dark
    Light

Create and update cases

  • Dark
    Light

Article Summary

Torq Cases allows users to create and update cases automatically using workflow logic. The Create a Case step allows users to set parameters such as title, description, SLA, state, category, reporter, assignee and severity. The Update a Case step provides options such as adding observables or comments to the case and updating the description or reputation of an observable. Attachments can also be added or removed from the case.

Torq cases are designed to be created, updated, and maintained automatically using the available Torq Cases steps as part of workflow logic. The different properties of a case are described below, in addition to how cases can be created and updated by using Torq steps or manually from the Cases page.

Create a case

Create cases automatically during workflow executions when incidents are detected.

For example, you can create a workflow triggered when an identity and access management service, such as Okta, detects suspicious user activity. After initial preprocessing, create a case as part of the workflow using the Create a case step.

These are the case parameters:

ParameterDescription
TitleProvide a meaningful name for the case for easy retrieval. For example, you can include the incident type and the associated vendors.
SLAService Level Agreement. Duration in which the case should be resolved.
SeverityPossible values:
  • Low
  • Medium
  • High
Description (optional)Provide information that should be available to anyone reviewing the case. You can apply formatting to the case description by using markdown syntax. To include a markdown-supported table in the case description, use the Create ASCII table step with the optional parameter Markdown set to true.
ReporterThe entity that created the case:
  • User email if the case was manually created.
  • Workflow execution ID if the case was automatically created.
AssigneeThe email address of the team member to whom the case is assigned.
CategoryUse one of the suggested categories or create your own.
  • Cloud Security
  • Application Security
  • Identity & Access Management
  • Email Security
  • Data Security
  • Malware

Create a case step

You also have the option to create a case manually by going to the Cases page and selecting Create Case.
Create a case manually

Update a case

Use the many steps available under Torq Cases to update and maintain cases automatically. This is a partial list of what you can do with the available steps:

  • Update case properties: title, description, SLA, state, category, reporter, assignee, and severity.
  • Add observables, mark them as key observables, remove an observable from the key observables group, and disassociate an observable from a case (read more about observables).
  • Update the description or the reputation of an observable.
  • Add comments.
  • Add attachments, get download links for the attachments, and remove attachments.
  • Retrieve information about a case or an observable.
  • Query cases.

Was this article helpful?

What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.