Skip to content

Commit 9b71200

Browse files
nastasha-solomonflorent-leborgne
nastasha-solomon
and
florent-leborgne
authored
[Cases][Serverless & 9.2]: Case events (#3372)
Fixes #3255 by adding docs for attaching events to cases and examining them from the **Events** tab. [Preview](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/3372/solutions/security/investigate/open-manage-cases#cases-examine-events) --------- Co-authored-by: florent-leborgne <[email protected]>
1 parent cd08d37 commit 9b71200

File tree

1 file changed

+6
-1
lines changed

1 file changed

+6
-1
lines changed

solutions/security/investigate/open-manage-cases.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -95,7 +95,7 @@ To explore a case, click on its name. You can then:
9595
Comments can contain Markdown. For syntax help, click the Markdown icon (![Click markdown icon](/solutions/images/security-markdown-icon.png "title =20x20")) in the bottom right of the comment.
9696
::::
9797

98-
* Examine [alerts](/solutions/security/investigate/open-manage-cases.md#cases-examine-alerts) and [indicators](/solutions/security/investigate/indicators-of-compromise.md#review-indicator-in-case) attached to the case
98+
* Examine [alerts](/solutions/security/investigate/open-manage-cases.md#cases-examine-alerts), [indicators](/solutions/security/investigate/indicators-of-compromise.md#review-indicator-in-case), and {applies_to}`stack: ga 9.2.0` [events](/solutions/security/investigate/open-manage-cases.md#cases-examine-events) attached to the case
9999
* [Add files](/solutions/security/investigate/open-manage-cases.md#cases-add-files)
100100
* [Add a Lens visualization](/solutions/security/investigate/open-manage-cases.md#cases-lens-visualization)
101101
* Modify the case’s description, assignees, category, severity, status, and tags.
@@ -147,7 +147,12 @@ To explore the alerts attached to a case, click the **Alerts** tab. In the table
147147
Each case can have a maximum of 1,000 alerts.
148148
::::
149149

150+
### Examine events attached to a case [cases-examine-events]
151+
```{applies_to}
152+
stack: ga 9.2
153+
```
150154

155+
After adding events to cases from the Events table (which you can access from the **Events** tab on the **Hosts**, **Network**, or **Users** pages) or from Timeline, you can examine them in the case's **Events** tab. Within the tab, alerts are organized from newest to oldest. Click the **View details** button the find out more about the event.
151156

152157
### Add files [cases-add-files]
153158

0 commit comments

Comments
 (0)