6.1. Open a Case for Editing
The picture below shows the Case Management view with cases that have been created with the Auto Case feature. You can see those cases by filtering the Name column to only contain the value and the Status column to only contain the
In our example a Level 1 Analyst would now pick one of these open cases and set the Status to "Level 1 Working". To do this, they would open the case by clicking on the magnifier button and modify the status Level 1 Working and then click
Now the logs within the case can be analyzed and the results documented in the assessment field. Recommendations can be set from the canned recommendations list. Columns can be shown or hidden, and comments can be added.
6.2. Case Dispatching
Let's assume our Level 1 Analyst concludes that this is a "Legitimate Anomaly". They will now set the status to "Level 1 Finished" and update the case. Once the status is "Level 1 Finished", the case becomes visible to the Level 2 Analyst.
6.3. Closing a Case
Let's assume that a Level 2 Analyst now picks one of the cases in status "Level 1 Finished" and starts working on it.
In this case, we assume that something suspicious has been found that needs further analysis by the system administration team. In most organizations this will be controlled through the organization's action request or ticketing system. So we assume that we will close the case in the Analysis Cockpit, because it is handled further in another system. The status is changed to closed and the case gets updated.
The Analysis Cockpit can interface with action-request and external ticketing systems through its API.