Cases
| Purpose | The Cases App provides a structured environment for organizing, investigating, and resolving complex incidents, enabling effective teamwork and informed decision-making. |
|---|---|
| Last Updated | March 26, 2025 |
What are Cases?
The Cases App in Raven is designed for organizing and managing deep investigations into important events or incidents that your team is addressing. It provides a centralized space to assign alerts, correlate relevant data, and chat with the Raven AI Assistant to drive comprehensive analysis. Cases are a great way to track progress, assign ownership, and ensure efficient resolution of complex issues.
Key Features
Centralized Investigation Hub
- Organize Important Events: Cases are a great way to organize important events or incidents that your team is working on.
- Assign Alerts: Designate alerts to specific cases for focused analysis.
- Raise Data Points: Bring data from queries into the case, enriching the investigative context.
- Automatic Data Correlation: Cases inherit related events, alerts, and observables, providing a comprehensive view.
- Assignment and Progress Tracking: Assign cases to specific team members and track their progress.
- Report: Organize the outcome of your investigation in the report tab.
AI Assistant Integration
- AI-Driven Analysis: Chat with the Raven Assistant directly within the case to gain deeper insights.
- Contextual Awareness: The assistant has access to all case-related data points, enabling informed analysis and correlation.
Data Integration
- Related Events: Automatically incorporates events related to correlated alerts.
- Related Alerts: Includes all alerts associated with the case.
- Observables: Captures key indicators from alerts for enhanced analysis.
Two Primary Views
- Case Main Page:
  - Provides an overview of all cases in the Raven team.
  - Users can switch between viewing their assigned cases and all cases.
- Case Detail View:
  - Displays related alerts, events, case details, and the Assistant chat for a specific case.
How to Use Cases
Creating a Case
Cases can be created in three ways:
- From Alerts App: Raise an alert to a new case.
- From Query Analyzer: Raise data points from a query to a new case.
- From Cases App: Add a blank case directly within the Cases App.
  - Navigate to the Cases App in the Raven platform.
  - Click on the "New Case" button.
  - Provide a name and description for the case.
Adding Data to a Case
- Assign Alerts: Assign existing alerts to the case from the Alerts App or within the case itself.
- Raise Data Points from Queries:
  - Run a query in the Query Analyzer.
  - Select relevant rows from the query results.
  - Click the "Add Event to Case" button.
  - Choose the case to which you want to add the data.
Leveraging the AI Assistant
- Open the AI Assistant within the Cases App.
- Ask questions about the related events, alerts, and observables to gain deeper insights.
- Use the AI Assistant to correlate data and identify patterns.
Key Benefits of using Cases
- Streamlined Investigations: Consolidate all relevant data and tools in one place.
- Enhanced Collaboration: Enable team members to work together on investigations with shared access to data and insights.
- Informed Decision-Making: Leverage the power of AI to analyze data and make data-driven decisions.
- Improved Organization: Keep important events organized and easily trackable.
Best Practices
- Use descriptive names for cases to easily identify their purpose.
- Assign cases to a person responsible for driving the investigation to closure.
- Add all relevant alerts and data points to ensure comprehensive context.
- Leverage the AI Assistant to explore patterns and anomalies in the data.