The "Create Intezer Case from Trigger Alert" workflow template is designed to streamline case management by automating the initial response to alerts from Intezer. When an 'initial_triage' alert is triggered, the workflow creates a case using a field mapper, adds key notes from the alert, and attaches an initial runbook. It leverages AI to summarize triage data, ensuring that critical insights are captured efficiently. This template enhances incident response by providing a structured approach to managing alerts, reducing manual effort, and improving response times.
Trigger
Use Cases
Case Management
Workflow Breakdown
The workflow triggers for 'initial_triage' alerts.
Creates a case, populating it with custom fields and observables via a nested workflow that processes the raw JSON alert.
Defines which quick action should be added to the case based on alert recommendations.
Adds the alert note as a key note for the case.
Uses an AI Task to summarize triage data.
Attaches an Initial Runbook to the case.
Vendors
Utils, Torq Cases
Tips
Define Quick Action workflows to be associated with the case based on alert recommendations.
