The Case Management feature is a collaborative forensic tool for creating cases to track and document suspicious logs and alarms that are believed to be related to the same threat. The ability to create, own, and tag cases, as well as to collaborate on cases that are created and owned by others, is extended only to Web Console users who are granted permission. These permissions are configured in the Client Console. For information about permission, see the Modify User Profile Management Permissions topic in the LogRhythm SIEM Help.
By default, all user roles have access to the Case Management feature. To hide the Case Management feature from a user role, open the Client Console and do the following:
- From the Tools menu in the Deployment Manager window, select Administration, and then click User Profile Manager.
- In the User Profile Manager window, double-click the user role that you want to modify.
The User Profile Properties dialog box appears.
- From the General tab, clear the LogRhythm Case Management Access check box.
For more information on configuring Case Management user roles in the Client Console, see the User Profile Manager section in the LogRhythm SIEM Help.
From the Current Case panel on the Dashboards page, Alarms page, and Analyze page, you can create new cases and build upon existing ones whenever you encounter logs, alarms, or files that can be used as evidence. The Cases page provides an expanded layout and customizable dashboards for you to further view and manage the cases you are working on.