Views:
Case Viewer allows you to see and manage all your cases from Case Management at any time, in any of the TrendAI Vision One™ screens.
Important
Important
Your organization can upload up to 1 GB of attachments. This limit applies to all cases opened within the organization.
The following table outlines the actions available in Case Viewer.
Action
Description
Show and hide Case Viewer
  • Click Case Viewer icon to open Case Viewer to last case you viewed.
  • Click Hide icon to hide Case Viewer.
View the case list
Click listIcon=7c3116b8-7ab2-4238-b375-4245e4aa864d.png to view available cases and select the case you want to work on.
Search case list
Locate specific cases by case ID, case name, ticket ID, associated item, and more.
Add a filter
Click Add filter icon to filter the case list:
  • Associated items
  • Created by
  • Closed by
  • Due date
  • Owner
  • Priority
  • Status
  • Type
Click Clear to remove the filter.
Refresh the case data
Click Refresh icon to retrieve the latest case data.
Filter case list
Use the filters to refine the list of cases.
  • Status
  • Findings
View case information
Click(Case information icon to display and update information about the case.
Change the name or description
  1. Click (Case information icon).
  2. Click Modify under the Name or Description.
  3. Edit the name or description.
  4. Notify others of the change:
    1. Select Send case notification to other email addresses.
    2. Enter one or more email addresses.
  5. Click Modify.
View an associated item
  1. Click (Case information icon).
    1. Click (Case information icon).
    2. Click the ID under Associated items to display an associated item in a new tab.
Change the case status
  1. Click (Case information icon).
  2. Select a Status to update the progress of the case.
Set the case findings
  1. Click (Case information icon).
  2. Select an option to update the Findings of the case:
    • True positive: The investigation confirmed the occurrence of threats or malicious activities.
    • False positive: No malicious activity found.
    • Benign true positive: The investigation confirmed the presence of a genuine threat that poses no risk to the organization. Benign true positives are the result of penetration tests or other legitimate activities in your environment.
    • Noteworthy: TrendAI Vision One™ detected unusual activity that requires more investigation.
    • -: The investigation has no findings.
Change the case priority
  1. Click (Case information icon).
  2. Change the case priority
Assign owners
  1. Click (Case information icon).
  2. Assign owners
Add a workspace to a Forensics case
  1. Click (Case information icon).
  2. Click Create Forensics Workspace to add a new workspace as an associated item.
Open a related case
Related cases are independent subcases that give you the flexibility to divide a complex investigation into small subcases. Related cases supply more information for the main case.
  1. Click (Case information icon).
  2. Click Open related case to link a new case.
  3. Enter case information. See Trend Vision One cases.
Work with tasks
The Task tab in Case Viewer provides the same task operations available in the full Case Management page. Click a task name to open the Task Detail view to view or edit the task.
View a related case
  1. Click (Case information icon).
  2. Click the related case ID to view a linked case.
Generate an investigation report
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
If you enabled generative AI in TrendAI™ Companion, select a case name to open the case details, then go to Options iconGenerate investigation report.
TrendAI™ Companion generates a threat investigation and remediation report for the case. You can preview, edit, and download the case at Dashboards and ReportsReports.
This action is only available for Workbench cases with a “True positive” finding.
Create a case summary
Important
Important
This is a "Pre-release" feature and is not considered an official release. Please review the Pre-release disclaimer before using the feature.
If you enabled generative AI in TrendAI™ Companion, select a case name to open the case details, then go to Options iconSummarize case.
TrendAI™ Companion summarizes all the notes created in the case since last summarized progress. Summarized progress notes are helpful when transferring a case to a new owner.
Update impacted endpoints
Click Update Forensics Workspace to update the workspace with impacted endpoints.
If the case no longer includes an endpoint, TrendAI Vision One™ does not automatically remove the endpoint. You can manually remove any impacted endpoints from the workspace.
Add notes to the case
  1. Type any notes in the box.
  2. Click Send icon to add the entry.
Add attachments to a case
  1. Click (Case information icon).
  2. Click Options icon then click Add attachments.
  3. Select a file to attach and click Open.
  4. To add more files, click Add File.
  5. If needed, add notes about the attachments in the Comments field.
  6. Click Save.
Edit an entry
  1. Point to the entry to display the icons.
  2. Click Edit icon.
  3. Type any comments or notes.
  4. Click Save.
Delete an entry
  1. Point to the entry to display the icons.
  2. Click Delete icon.
  3. Delete icon
Return case to MDR team
Important
Important
This option is only available for MDR cases.
After resolving all the situations that required your attention, click Return case to MDR team.
After returning a case to the managed XDR team, you can continue adding notes to provide more information.