Cases: A year in review

Written by Hannah RoyProduct Marketing Manager

When we launched cases in early 2023, we saw how teams combined automation with their established processes to respond to known threats. And we realized we were missing a place for security teams to address those new or unknown threats. Enter cases, our solution to case management.

Over the past year, our cases feature has become a place where teams can collaborate, track, and report on new and existing workflows. In addition to handling the new and unknown, cases help teams build a center of excellence for workflow automation, where they can mitigate risk by working with speed and consistency. To help organizations achieve this, our engineering team has been hard at work improving cases.

Continuous innovation 

Looking through our What’s New page, you’ll notice the cases section has been busier than most. Let’s dive a little deeper into some of these updates. 

Business 

With other vendors, builders are forced to fit into vendor-defined case management best practices and templates that can’t easily be customized. To maintain a center of excellence with a strong security posture, flexibility and accessibility should be top of mind, and that’s what our engineering team at Tines strived for with the following business updates:

  • AI on the storyboard: When alerts are coming in real-time, it’s hard to predict exactly what types of alerts we may receive. And when it comes to a case, the context of that case might change based on a new alert received. Builders can use the AI action on the storyboard to generate updated summaries based on that alert context in real-time so the team can see the most up-to-date information and take action from there.

  • Creating a case: Alerts can be unpredictable, and the need to create a case could happen anytime. Whether you’re currently in a story or viewing the cases list, you can instantly create a case from scratch or via a template and get started on your investigation immediately.

  • Tracking records: Cases and records go hand-in-hand in case management. Records are a way to structure event data from across story runs. Create and view your records directly in the cases UI as you work on a case.

  • Dashboards: Gain a singular view of your case performance for reporting that matches your business needs. Our dashboards feature allows users to get case information like mean time to resolution (MTTR) and mean time to assign (MTTA) highlighted in one place, along with record charts, to be exported for engaging reports. In addition to exporting dashboards for executive viewing, you can export cases as a .pdf or .csv file to showcase high-level data about case performance.

  • Case SLAs: All cases that are created are vital to your business, but sometimes, you need help prioritizing which cases your team should focus on at the moment. Tines lets you assign SLAs to a case based on its priority level: from No SLA and spanning from 12 hours up to 4 weeks.

  • Case organization and requirements: Ensuring your cases are organized and meeting your team's standards for proper case handling is essential. When case descriptions get heavy with details that require the scroll bar for viewing, simple markdowns in edit mode automatically create a table of contents to navigate the case details effectively. Case requirements also help create consistency by adding steps and rules you must meet before a case can be closed.

People 

We haven’t only thought about cases from a business point of view. We’ve considered the people on your team alongside these new updates. It’s important to keep collaboration and efficiency at the forefront to help ease the pressure of dealing with the unknown and potential burnout on the team.

  • Live interactions: Gain real-time visibility of other active viewers of a case and typing indicators for comments. With the addition of case comment reactions, builders can have a more engaging experience within cases, leading to stronger communication and smoother investigations.

  • Case groups: Control user access and actions by assigning team members to groups with specific permissions. This way, builders can focus on the cases that matter to them with the necessary tools for their role. You can also seamlessly transfer cases between groups to improve workflow and collaboration.

  • Case Manager role: Members within your tenant have specific roles, including Team Admin, Editor, or Viewer. But based on your team’s structure, you may want particular people to have edit access for cases only. That’s where the Case Manager role comes in. It gives a user read-write permissions for cases while restricting access to other objects on the team (stories, resources, credentials, events, etc.).

  • Granular cases permissions: You can break down permissions even further with customized roles and permissions appropriate to a particular user group within cases. Name the new role based on your needs, and carve out precisely what that builder can do, from creating, updating, or deleting statuses across Actions, Comments, Descriptions, Files, Records, and Metadata.

Whether you’re new to cases or have been subscribed for some time, it’s a good time to learn more about how to streamline your case management in Tines further. And you can start with these resources:

Built by you, powered by Tines

Talk to one of our experts to learn the unique ways your business can leverage Tines.