Automation & SOAR • Room 1

Case Management

Investigations often span multiple Notable Events. The Case Management capability allows analysts to link disparate events into a single, cohesive investigation.

Engineers configure case schemas and default task lists to enforce structured investigations.

Knowledge Check

Question 1 of 1
What is the primary benefit of grouping Notable Events into a "Case" in ES?
A. It deletes the events to save space.
B. It allows analysts to track a complex, multi-stage incident chronologically, linking disparate alerts (e.g., Phishing + Lateral Movement) into a single entity.
C. It automatically blocks the attacker's IP.
D. It converts the data back to raw format.