Query cases step
- 15 May 2023
- Updated on 15 May 2023
Use the Query cases step to retrieve a list of cases that meet the specified criteria, so you can extract information from cases and improve your visibility. Use the step's optional parameters to determine the query filters.
The Query cases step can be used to achieve a wide variety of goals, for example:
- Deduplication: avoid creating a new case if a case that matches specific criteria already exists.
- Bulk operations: perform an action on a list of cases. For example, reassign all cases currently assigned to a specific team member.
- Threat hunting: enter an observable ID to get a list of the cases it's associated with.
- Reporting/Analysis: retrieve the cases that match a specific interest profile. For example, retrieve the cases with SLA 0.8 or more, which means they are about to breach their SLA.
Tip
Use the Order and Order by optional parameters to get the results in ascending/descending order of a particular property value.
Usage example: SLA is 80% or more used up
In the example below, a list of the cases that have 80% or more of their SLA used up is retrieved, and a reminder is sent to each case assignee. Depending on other characteristics of the case, you may want to notify the on-call engineer or implement other forms of escalation.