u/Holy_Spirit_44

NG-SIEM Cases: Template / Workflow Usage

Hey all,

I'm trying to gather some information from the community on how people and organizations are using the Cases feature, specifically from the Template/Workflow side.

Currently, we use a fairly simple workflow that adds the detection's base events as events to the Case.

For important detection rules, we also use a runtime field called alert_summary, which performs basic formatting into a readable sentence using query variables/fields. We then add that summary either to the Case description or to custom fields created through the Case template.

I'm curious how others are approaching this.

Are you using Case templates and workflows in a similar way, or have you found better methods for enriching Cases, structuring alert context, or making investigations easier for analysts?

Would appreciate hearing how others are using this feature in practice and whether you think this approach is effective or worth improving.

Thanks all!

reddit.com
u/Holy_Spirit_44 — 3 days ago
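For readers who have not built the alert_summary pattern the post describes, here is an added illustration (not the poster's own query and not CrowdStrike documentation) of what such a runtime field looks like in LogScale/CQL: the detection query formats a handful of event fields into one readable sentence that a Case template can then pull into the description or a custom field. The event tag and field names (#event_simpleName, UserName, ComputerName, RemoteIP) are assumed for the example, and how the template references the field is not shown here.

```cql
// Assumed detection scope: failed logon events from the Falcon sensor.
#event_simpleName=UserLogonFailed2
// Build the analyst-facing sentence from the base event's fields.
// format() substitutes each listed field into the %s placeholders
// and writes the result to the field named by "as".
| format("%s failed a logon on host %s from %s",
         field=[UserName, ComputerName, RemoteIP],
         as=alert_summary)
// Keep only the columns the Case needs; alert_summary is now available
// to the Case template alongside the raw fields.
| select([@timestamp, UserName, ComputerName, RemoteIP, alert_summary])
```

Because the summary is computed per event, a workflow that attaches base events to the Case carries the sentence with each event, so the description can be built from one field rather than from several raw columns.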