The Cases tab in the Managed Threat Hunting (MTH) portal displays open or active cases and their details, and is a secondary source for remediation steps. A case is automatically opened when there is a detection or suspicious activity in your Nebula console. Filter and search cases on the left, then select a case for a deeper understanding of the activity within it.
To access the Cases tab, click MTH Portal in the top-right of Nebula. This is the default tab when launching the MTH Portal.
When you select a case, the case title, ID number, and case creation date display along the top. Cases use the following naming scheme: case type, endpoint name, entity or indicator of compromise, and, if available, endpoint username.
Click the case overview icon next to the numbered tab for the Overview tab, which includes a summary of the entire case. Review any alerts from this tab.
Your MTH team uses the case wall to communicate any important information to you. Click Wall under the case overview icon to view this information. This tab is an audit for the entire case and lists all alerts and remediation instructions. Filter the Wall tab by clicking on the icons to view specific events such as comments and status changes.
A single case may display multiple alert tabs. This can indicate multiple related malicious activities, which are aggregated for ease of analysis. Click the numbered tabs next to the case overview icon to view alert-specific actions, events, and details. For additional details on all entities and events in the alert, click View More under the Entities Highlights and Events widgets.