Case groups

A case group is a subset of a Tines team.

Using Groups 

Case groups provide a way to segment cases, case views, and dashboards.

  1. Users within a group are limited to viewing that group's cases, case views, and dashboards.

  2. Users can be members of multiple groups with different permissions for each group.

  3. Cases can move between groups.

For example, in a SOC, the Incident Response team has its own users, credentials, resources, and stories. Within this team, three groups carry out distinct functions:

  • Tier 1: Incident triage

  • Tier 2: Investigations

  • Tier 3: Threat hunting

Managing groups 

Team Admins and Tenant Owners create and manage groups directly within the team. Tenant Owners are automatically members of all groups within a team.

Viewing group membership  

To view membership, navigate to "Cases" and open the group selection menu. Select the group you'd like to view membership for.

Re-open the team selection menu and navigate to Manage > Members. A list of members and their roles is displayed.

Managing group membership 

To manage group membership, first select the group you want to manage from the team selection menu. Next, re-open the selection menu and click Manage > Members.

Assigning team members to a group

Users who are part of a team can quickly be assigned to one or more groups.

Inviting users to a specific group

In some cases, you may want to invite a user to a group. To add other members to your group, select Manage > Members > Invite.

Managing roles and permissions within a group 

To manage roles for group members, open the group selection menu and click Manage > Members. Each group member has an additional configuration option that lets you specify their role.

The role selected only applies to the cases, case views, and dashboards within that specific group.

Managing permissions

Permissions are managed by selecting the Administration menu > Users. Please see Teams to learn more about roles and their permissions.

🪄Tip

For instance, a team member holding the Case Manager role, who is also part of a group with the Viewer role, will manage the group's cases as a Case Manager.

Assigning cases to groups 

When security and IT tools generate events, Tines processes these events and associates them with a new or existing case.

In some situations, a case may need to be escalated or moved to another group.

Moving a case can occur in three ways:

  1. The group is explicitly defined in initial conditions of the case-creation story object

  2. The case is escalated to another group using a case action built in your story

  3. The case is manually moved to another group

Automatically assign a group at case creation 

When you define a "case" object within the storyboard, you can select the group to which the case should automatically be assigned.

Escalate using a case action 

Cases include custom quick-response buttons called Case Actions, which trigger a webhook to help drive the case to resolution.

When you configure a case template or the case directly within the storyboard, you can reference a webhook story object for a case action.

You must first create this webhook object within the storyboard and build a story that specifies which group the case should be assigned to when the webhook is triggered.

Move a case to another group 

If a case needs to be escalated, you can manually move it between groups. Analysts will only see cases and dashboards associated with their group.

From the case list

When viewing cases on the case list, one or more selected cases can be moved to another group within the team.

When viewing a case

When viewing an individual case, select the + or "assignee" button. From there you can select which group the case should be transferred to.
