The "Create Intezer Case from Trigger Alert" workflow automates incident response for Intezer initial triage alerts. Started by the Intezer trigger, the workflow creates a Torq case populated with predefined custom fields and observables extracted from the alert's JSON payload. A nested workflow parses the raw alert data and returns it in a structured case format that is easier to work with. Quick actions are selected and attached to the case according to the alert's recommendations, and the alert note is added as the case's key note. The workflow also uses an AI task to summarize the triage data and attaches an initial runbook that sets out the next steps for handling the case.
Trigger
Use Cases
Case Management
Workflow Breakdown
The workflow triggers for 'initial_triage' alerts.
Creates a case, populating it with custom fields and observables via a nested workflow that processes the raw JSON alert.
Defines which quick actions should be added to the case based on the alert recommendations.
Adds alert note as a key note for the case.
Uses AI Task to summarize triage data.
Attaches an Initial Runbook to the case.
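As an added illustration (not code from the Torq template or from Intezer), the following Python sketch shows the processing the nested workflow performs: it checks the 'initial_triage' trigger condition, extracts observables from the raw alert JSON, maps alert recommendations to quick-action workflows, and carries the alert note over as the key note. The alert field names, the quick-action workflow names and the sample alert are all assumptions constructed for this example, not Intezer's or Torq's documented schema.

```python
import json
from typing import Optional

# Constructed sample alert; field names are assumptions, not Intezer's schema.
SAMPLE_ALERT = json.dumps({
    "alert_type": "initial_triage",
    "verdict": "malicious",
    "note": "Unsigned binary in Downloads matched a known malware family.",
    "recommendations": ["isolate_host", "block_hash", "notify_owner"],
    "indicators": [
        {"type": "sha256", "value": "0" * 64},
        {"type": "ip", "value": "203.0.113.5"},
        {"type": "domain", "value": "example.test"},
        {"type": "process_name", "value": "svchost.exe"},
    ],
})

# Recommendation -> quick-action workflow name (hypothetical names).
QUICK_ACTIONS = {
    "isolate_host": "QA - Isolate Endpoint",
    "block_hash": "QA - Block File Hash",
    "reset_credentials": "QA - Reset User Credentials",
}

OBSERVABLE_TYPES = {"sha256", "md5", "ip", "domain", "url"}


def build_case(raw_alert: str) -> Optional[dict]:
    """Turn a raw alert JSON string into a structured case description.

    Returns None when the alert is not an 'initial_triage' alert, mirroring
    the workflow's trigger condition.
    """
    alert = json.loads(raw_alert)
    if alert.get("alert_type") != "initial_triage":
        return None
    observables = [
        {"type": ind["type"], "value": ind["value"]}
        for ind in alert.get("indicators", [])
        if ind.get("type") in OBSERVABLE_TYPES
    ]
    recs = alert.get("recommendations", [])
    return {
        "custom_fields": {"verdict": alert.get("verdict", "unknown")},
        "observables": observables,
        "quick_actions": [QUICK_ACTIONS[r] for r in recs if r in QUICK_ACTIONS],
        # Surfaced so an analyst can extend the mapping rather than lose them.
        "unmapped_recommendations": [r for r in recs if r not in QUICK_ACTIONS],
        "key_note": alert.get("note", ""),
    }
```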
Vendors
Utils, Torq Cases
Tips
Define Quick Action workflows to be associated with the case based on alert recommendations.