Workflows (Buttons)

Administrators or agents with special permissions can create buttons with custom functionality that will appear under cases and alerts.

These are called workflows (formerly known as Action Triggers); workflows represent a group of bundled actions in a configurable button.

For example, here are some custom button workflows for an alert that was triggered:

53445344

📘

Why are some buttons greyed out?

Greyed out buttons mean that some steps in the alert investigation process (specifically the checklist) have not yet been completed. Once the checklist is completed, the buttons will become available.

You can configure custom buttons to further investigations for alerts and cases.

An example custom button action might be:

  • whitelisting an entity from a rule
  • escalating a case to a designated agent
  • moving an alert to a different queue (i.e. team)
  • creating a SAR
  • or any combination of these actions

Workflows = Buttons with custom Actions

Configure actions from System > Workflows, then choose the resource you want to configure, either Alerts or Cases.

Alerts:

You can create buttons for an alert that will:

  • close / open alerts
  • change queues
  • assign to agent
  • turn into case
  • add or remove tags
  • apply disposition and notes
53445344

Cases:

You can create buttons for a case that will:

  • close / open cases
  • assign to an agent/team
  • add or remove tags
  • apply disposition and notes
53445344

🚧

Why can't I see a button?

Some buttons require permissions to be used. Make sure you are part of the correct team or that your individual permissions are set appropriately. Your administrator may be able to help.


Did this page help you?