Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
manusmadan Absent Member.
Absent Member.
304 views

Automating Case Creation and Add to an existing Case

I need to automate Case creation in ESM. I have a Standard test rule with aggregation of 2 in 5 mins and aggregate if Attacker address and zone are identical.

I tried multiple rule actions and I can see multiple cases from the same attacker address. Although it is adding to existing cases, it is also creating new cases. PFA the rule actions

Labels (2)
0 Likes
3 Replies
rhope Acclaimed Contributor.
Acclaimed Contributor.

Re: Automating Case Creation and Add to an existing Case

You have a create case action on every event, it should probably be on first event

0 Likes
manusmadan Absent Member.
Absent Member.

Re: Automating Case Creation and Add to an existing Case

Thanks for the suggestion. It is successfully adding to the first case. However, if I move the case from the current Case group to a different one it is still adding to that case. I wanted to create a new case instead. PFA

0 Likes
Aleccese Absent Member.
Absent Member.

Re: Automating Case Creation and Add to an existing Case

Hi Manu,

unfortunately case selection for "adding to new case" action works based on case name, so if you have a subsequent issue with the same IP address (8.8.8.8) events will be always added to the same case. You should add another piece of information to your case name, for example a timestamp (MM-DD-YY) or something like that. In this way you will have different cases for the same issue occurring in different days. That's obviously a personal interpretation of case usage...you can find a "smarter" way to discriminate cases and incidents.

Bye

Alex

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.