The AgileBlue Cerulean AI SecOps platform includes the ability to update case status in a single click from your escalation notifications or work directly from the Case Details page in our portal.
Overview
In October 2024, the AgileBlue Cerulean AI SecOps platform received a key update allowing users to update case status in a single click from escalation notification emails received from the AgileBlue SOC Analyst Team. This update provides several benefits, including:
- Immediate case closures based on user response
- Expedited case updates based on user response
- Updated notification system allowing for management of cases for users who prefer to work directly in the AgileBlue Portal
- Increased visibility in the portal into the entire conversation surrounding a case
How It Works
With this update, AgileBlue has adjusted the case escalation email template to include five interactive response options; an image of the updated template can be found below:
To submit a response, users can select any of the five interactive buttons. Each option is defined below:
- Benign
  - This option automatically closes the case with no additional follow-up from the AgileBlue SOC Analyst Team. Use it for legitimate activity that should still generate alerts in the future (no whitelisting is applied).
- Benign - Whitelist Activity
  - This option automatically closes the case and notifies the assigned analyst, in addition to the on-call analyst team, that action is required. When this notification is received, the AgileBlue Analyst Team will whitelist the related activity so that you do not receive these alerts in the future.
- Investigate
  - This option automatically updates the status of the case to 'Waiting for SOC' and notifies the assigned analyst as well as the on-call analyst team. The case then enters the SOC Analyst queue as a priority item, and a member of the team will follow up with additional information regarding the case or, in some cases, may reach out to you by phone.
- Malicious - Respond and Investigate
  - Responding with this option notifies the SOC Analyst Team that the activity is malicious and responsive action is required. The analyst team will treat this with the highest priority possible and reach back out to your team ASAP with additional information and next steps. Depending on the specifics in your playbook, they will also take responsive actions for accounts subscribed to those services. Note: responsive actions are only available for PLUS and PRO subscribers.
- Malicious - Close Case
  - This option should be used for cases that are malicious but do not require any additional follow-up, response, or assistance from the AgileBlue SOC Analyst Team. Selecting it automatically closes the case with a Malicious status applied.
Each response is automatically registered in the Activity Log on the Case Details page. Users also retain the option to reply all to the email with any specific questions or updates, or simply if they prefer not to use the one-click response options. When this occurs, the assigned analyst and on-call analyst team are notified of the reply.
Additionally, all emails included on the case chain are added to the Conversation section on the Case Details page in the portal, providing a historical record and increased visibility.
In-Portal Response
In addition to the email template updates, users now also have the ability to respond to and work on cases directly in the AgileBlue portal on the Case Details page. The basic workflow for taking advantage of this option is as follows:
- Access the Case Details page for the case in question
  - This can be done by clicking the link in the escalation email or by selecting the case from the Cases page in the portal
- Select + Add Narrative under the Activity Log
- Type your questions, comments, or notes in the Notes field
- Select an updated Status
  - Closed: This will close the case with no further action taken
  - Add narrative without updating case status: This option will notify the assigned analyst and on-call analyst team of the update
- Click Save Narrative
Any questions?
AgileBlue is always here to support you and ensure you are 100% successful. If you run into any issues or have any questions, please reach out to AgileBlue Support.
Email: support@agileblue.com
Phone: (216) 606-9400