We’re excited to share new enhancements to cases. The Cases Public API now lets customers and partners manage cases using their preferred tools. Additionally, we’ve refreshed the pivot menu with new hostname actions and updated queries. These updates are designed to enhance the investigation process and improve response times.

Cases Public API

We’ve enhanced the Cases Public API, giving customers and partners the ability to create, update, and delete cases using their preferred tools. With this new functionality, customers can now easily modify key fields such as case status, severity, and case summary, enabling more effective prioritization and faster triage times. These improvements are designed to give you more flexibility in your workflow and help you address issues more efficiently.

For more details about this release, please refer to: Cases API Guide

 

Case Detections Pivot Menu

What’s new:

In the case detections flyout, you’ll notice a refreshed and simplified interface for the pivot menu, now featuring new quick actions and updated queries for hostname. The pivot menu allows you to select key information from a detection, using it as a starting point for deeper investigation and immediate action. Here’s what’s new:

  • Run Actions: Added the ability to isolate and un-isolate devices, allowing users to quickly remediate without losing context.
  • Run Live Discover and Search Data Lake: The queries list has been updated to feature the most frequently used ones.
  • Copy Device Name: Easily copy the device name to your clipboard.
  • Detections with device: Go straight to the detections page to see all detections associated with the device. The default time range is the last 24 hours.
  • Device Details: Navigate directly to the device details page for more in-depth information about the device.

 

Coming soon:

We’re working on additional enhancements with plans to roll them out in October. These updates include:

  • Extend the default time range for viewing detections associated with the device.
  • Adaptive Attack Protection actions will be added to the hostname pivot menu.