This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Webinar May 29th: Log Ingestion: Bindplane + Google SecOps
Log in to ask a question

Case Merge

Posted on 12-05-2024 04:54 AM
yasinmnk
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi
Our customer receive several cases and would like to prevent duplicates and merge cases for a better overview! Is that possible ? if yes,  how and is there any documentation or guide for that thanks in advance for answers!

Solved Solved
0 3 209
Topic Labels
Jump to Solution
0 Likes
2 ACCEPTED SOLUTIONS

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

Merge is available on the Search Screen Let us know if that does not help here.

View solution in original post

Jump to Solution

Posted on --/--/---- --:-- AM
AymanC
Silver 3
Silver 3
Reply posted on --/--/---- --:-- AM

hi @yasinmnk,

You can also look into alert grouping - so it identifies similar alerts (specified by your own conditions) within a specified time period, and will group these alerts into one case. Alternatively, another way to look into this which hypothetically sounds possible is by creating a playbook that gets attached to these specific cases, using the 'Get Similar Cases' action within the playbook, attach this as the first step, if there's a xxx% match (for example 100% entity match), along with the same/similar case name, to automatically close the case.

Reference: https://cloud.google.com/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanis...

Kind Regards,

Ayman

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
kentphelps
Staff
Reply posted on --/--/---- --:-- AM

Merge is available on the Search Screen Let us know if that does not help here.

Jump to Solution

Posted on --/--/---- --:-- AM
AymanC
Silver 3
Silver 3
Reply posted on --/--/---- --:-- AM

hi @yasinmnk,

You can also look into alert grouping - so it identifies similar alerts (specified by your own conditions) within a specified time period, and will group these alerts into one case. Alternatively, another way to look into this which hypothetically sounds possible is by creating a playbook that gets attached to these specific cases, using the 'Get Similar Cases' action within the playbook, attach this as the first step, if there's a xxx% match (for example 100% entity match), along with the same/similar case name, to automatically close the case.

Reference: https://cloud.google.com/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanis...

Kind Regards,

Ayman

Jump to Solution

Posted on --/--/---- --:-- AM
yasinmnk
Bronze 3
Bronze 3
In response to AymanC
Reply posted on --/--/---- --:-- AM

Hi @AymanC  Thanks so much for your answer, was very helpful:
Best Regards,
Yasin

Jump to Solution
0 Likes
Top Solution Authors
View all