You can manually create a new case, assign it to a specific domain, and define custom fields for the case.
Note
To create a case manually, you must have View/Edit permission for Cases and Issues selected under → → → → → .
You can create a case directly from the Cases page.
On the Cases page click New Case.
Under Case Details, specify the case domain, name, severity, and (Optional) assignee and description.
The severity of a manually generated case cannot be low.
Note
You can assign a case to a single domain only, and you cannot change the assigned domain. For more information, see Case and issue domains.
(Optional) Under Case Fields, select custom case fields.
Cortex XSIAM validates the Host IP, Local IP, and Remote IP fields.
If you select Set fields as default for new <domain> domain cases, the custom case fields that are configured are saved for all users. When a user next creates a case for the same domain, these fields are automatically configured instead of the default field set.
To reset the custom fields to the system default, click Restore Default Field Set.
Under Issue Details, select the issues to link to the case, or create a new issue.
Tip
The issues that you link to a case can be linked to multiple cases, and the issue domains do not need to match the case domain.
Under Issue Fields, define the following:
Note
This option is only relevant for certain domains.
MITRE ATT&CK tactics and techniques to assign to the case.
Custom issue fields.
(Optional) Under Playbook, specify playbook run settings. By default, a playbook is run Automatically by trigger.
Note
This option is only relevant for certain domains.
Click Create new case.
Each case creation generates one issue. The name, the severity, and the description of the generated issue mirrors the name, the severity, and the description of the case.
Note
You can't attach files to manually created cases.