Automation for the threats you know, cases for the ones you don’t

Learn more
Security team / Cases /
CrowdStrike alert, host: MARTIN-PC (#36297)
Created 2d ago by Cases bot • 0 comments
In progress
All activity
June 24, 2024
Cases bot created case #36297
4:32 PM
Cases bot added tag CrowdStrike
4:32 PM
Cases bot set priority to Medium
4:32 PM
Cases bot assigned
4:32 PM
Cases bot added record
4:32 PM
Cases bot completed
4:32 PM
CrowdStrike Falcon alerts about a potential security incident
Add a comment...
CrowdStrike alert, host: MARTIN-PC
Case metrics
TypeCase timeSLA timeMet SLA?
TTDTo be updated with TTD time60 minTo be updated with TTD SLA result
TTRTo be updated with TTR time4 hrTo be updated with TTR SLA result

CrowdStrike detection received: View details below for further detection, behavior, and IP enrichment information.


Go to Runbook

Initial detection and triage
CrowdStrike Falcon alerts about a potential security incident
Confirm the severity and priority level
Gather basic information about the alert, including affected hosts, observed behaviors, and timestamps
Verify if the alert aligns with known threat intelligence or attack patterns
Incident notification and coordination
Notify stakeholders, including the incident response team, SOC, and relevant IT personnel
Establish clear lines of communication and assign roles to team members
Create and incident ticket or record in your incident management system
Containment and isolation
Identify affected hosts and isolate them from the network to prevent further compromise
Engage CrowdStrike’s containment capabilities, if available, to isolate the affected hosts
Consider applying network-based controls to block associated suspicious traffic
Leverage CrowdStrike’s threat intel and community forums to gather additional info
Response and mitigation
Based on the findings, develop a mitigation plan to address the incident effectively
Apply necessary patches, updates or configurations to address any vulnerabilities found
Identify compromised user accounts, credentials, or access rights, and revoke or reset them as appropriate
Implement necessary changes to security policies, configurations, or access controls to prevent future similar incidents.
Isolate hosts
Lock user account
Linked cases
ResolutionIn progress
Closure comments
Case requirements
User assigned
Case metadata completed

Investigate, remediate, and report on an incident in a collaborative workspace with Tines’ powerful, intuitive case management.


Capture data across workflows to report on this in a consistent, structured format.


Monitor and report on workflow performance with cases and records in one location.

Better automations, fewer cases, faster incident response

Bring humans into the loop when it matters for your business while workflows run to capture the rest. Cases make it easy to work on incident response and create an audit trail of the resolution.

Reduce friction without compromising on your technology

Automation often involves other teams – DevOps, IT, HROps – who work in other systems. Effectively collaborate across those systems and teams using cases.

Why Tines cases?


This is automation-first case management: create a case from within your existing workflow. From creation to search to correlating information – the experience feels instantaneous.


Cases don’t presume a way of working, it responds to yours. Start from a template, fine tune to your own preferences; or both. Cases connects to any workflow, record, page, or API.


Define advanced, nuanced data tracking across stories and cases. Aggregate into a dashboard to track SLAs, open cases, MTTR and more.


Mitigate risks with teams from a single location with intuitive components. Cases provide real-time visibility into data that can be analyzed, aggregated and reported to share with key stakeholders.

Start building today

Talk to one of our experts or explore our docs, to learn how your business can leverage Tines cases.

Talk to an expert

Built by you,
powered by Tines

Already have an account? Log in.