Ticketing - Manage Cases and Advanced Settings

1. Manage Cases

Overview:

The “Manage Cases” feature allows you to efficiently handle all aspects of case management, including creating, updating, and tracking cases. You can store vital information related to incidents, manage indicators of compromise (IOCs), assign tasks, and collaborate with team members using notes. Each case acts as a centralized record of an incident or issue, helping to organize workflows and ensure thorough investigations.

Location in Argus:

Navigate to Manage > Manage Cases from the Argus main dashboard.

Key Features:

Case Overview Dashboard: View a list of all active, in-progress, and closed cases, including filters to sort by priority, assignee, and status.

Search and Filter: Use the search bar to quickly find specific cases, or apply filters to view cases by attributes like date, priority, or assigned users.

Bulk Actions: Perform bulk actions such as closing multiple cases, reassigning cases, or updating case statuses.

From the Argus Ticketing tool, select Advanced > Modules.

Modules are instantiated upon actions (hooks, triggers, user actions), and this happens each time such an action occurs. Module initialization therefore has to be very quick; in most cases, the __init__ method should not even be overridden. Modules can live in the worker, in the web app, or in both, depending on their type and the action they handle. As a result, multiple instances of the same module can run at the same time.

When we click on the module name it shows:

The Argus Ticketing Tool Check – Module Information interface provides detailed information about the Argus Ticketing Tool Check module within the system, including its configuration settings, status, and metadata. This interface is used by administrators to manage and configure the module.

Module Metadata:

Name: Argus Ticketing Tool Check: Provides a simple check module that replies to every hook.

Target Package: Argus Ticketing Tool_check_module

Date Added: 2024-07-19 10:58:52.029083

Module Version: 1.0.1 is the current version of the module.

Interface Version: 1.2.0 is the version of the interface the module interacts with.

Is Active: False. Indicates whether the module is currently active or inactive. In this case, the module is inactive.

Provides Pipeline: False. Indicates whether the module provides a processing pipeline. For Argus Ticketing Tool Check, no pipeline is provided.

Configuration Settings: The configuration section allows users to view and modify the settings of the module.

Section: The section in which the parameter is categorized. In this case, the parameter is under the “Main” section.

Parameter: The name of the specific setting or configuration parameter. In this case, the parameter is Log received hook.

Value: The current value assigned to the parameter. Here, the value is set to True, indicating that logging of received hooks is enabled.

Mandatory: Indicates whether the parameter is mandatory. This column can be used to sort the parameters based on their necessity.

CUSTOMERS MANAGEMENT

This section manages customer data, showing the list of registered customers.

  • Name: Displays the customer names. Each name is clickable and likely leads to more detailed information about the customer.

Example:

  • soft_sensor
  • Genixcyber

  • Description: This is reserved for providing additional details about each customer.

CASE OBJECTS

1. Asset types

This lists various types of assets within the system, categorized based on account type and their status.

Name: Lists the asset types, primarily different types of Windows accounts and servers, and provides a description of each asset type.

Example:

  • Windows Account – Local – Admin
  • Windows Account – Local
  • Windows Account – AD – Service

2. IOC types

Each entry has a name, which provides a quick reference to the type of indicator being defined, and a brief explanation of the IOC type, often summarizing its purpose or structure.

Example:

  • aba-rtn: ABA routing transit number
  • account: Account of any type
  • anonymised: Anonymized value

Taxonomy: This is reserved for classifying the IOC types into a taxonomy.

Validation Regex: This is used to specify a regular expression (regex) pattern for validating the format of each IOC type.
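How a validation regex of this kind behaves in practice, as an added example that is not Argus code: the patterns, the full-match semantics, the accept-when-unset behaviour and the sample values are all assumptions constructed for illustration, keyed by IOC type names listed above. It shows why a pattern has to cover the whole value, and why a format check alone does not prove that an aba-rtn value is well-formed.

```python
import re

# Hypothetical validation regexes keyed by IOC type names shown on this page.
# The patterns are assumptions for illustration, not Argus defaults.
VALIDATION_REGEX = {
    "aba-rtn": r"[0-9]{9}",             # [0-9], not \d: \d also accepts non-ASCII digits
    "account": r"[\w.@\\-]{1,128}",     # user, user@domain or DOMAIN\user
}

def validate_ioc(ioc_type, value):
    """True if the whole value matches the regex configured for its type."""
    pattern = VALIDATION_REGEX.get(ioc_type)
    if pattern is None:
        return True                      # assumption: no regex means no format check
    return re.fullmatch(pattern, value) is not None

def loose_match(pattern, value):
    """Prefix matching with re.match, shown only for contrast with fullmatch."""
    return re.match(pattern, value) is not None

def aba_checksum_ok(rtn):
    """ABA check digit: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) divisible by 10."""
    d = [int(c) for c in rtn]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0

# Constructed sample values, not real routing numbers taken from any case.
SAMPLES = ["123456780", "123456789", "123456780\n", "123456780-extra", "12345678"]

def check_samples():
    """Per sample: (loose ^...$ match, full match, full match and checksum)."""
    results = {}
    for value in SAMPLES:
        loose = loose_match(r"^[0-9]{9}$", value)
        strict = validate_ioc("aba-rtn", value)
        results[value] = (loose, strict, strict and aba_checksum_ok(value))
    return results

if __name__ == "__main__":
    for value, row in check_samples().items():
        print(repr(value), row)
```

The `^...$` form still accepts a value with a trailing newline, because `$` matches just before a final newline; a full match rejects it.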

3. Case classifications

The Name column lists the classification names, such as “abusive-content:harmful-speech” and “availability:ddos”. The Expanded name column provides more detailed descriptions of the classifications, like “Abusive-Content: Harmful Speech” and “Availability: DDoS”. The Description column further elaborates on the classifications, explaining the specific types of harmful content or attacks they represent.

4. Case states

The Name column lists the various stages of a case, such as “Closed”, “Containment”, “Eradication”, “In progress”, “Open”, “Post-incident”, “Recovery”, and “Reporting”. The Description column provides a brief explanation of each case state, indicating the status of the case at that particular phase.

5. Evidence types

The Name column lists the different types of evidence, such as “Collection-KAPE”, “Collection-ORC”, and “Executable-Generic”. The Description column provides a brief explanation of each evidence type, indicating what it represents.

Custom Attributes

Overview:

Custom Attributes enable you to add specific metadata to objects in Argus Ticketing, enhancing searchability and organization.

Location in Argus:

Navigate to Manage > Advanced > Custom Attributes.

How to Configure:

  • Define attributes for different object types, such as cases, users, or alerts.
  • Set default values and validation rules for each attribute.

How to Use:

  • Apply custom attributes during case creation or when updating objects.
  • Use attributes to filter and search for objects within Argus Ticketing.

Case Templates

Overview:

Case Templates allow you to standardize the process of creating new cases.

Location in Argus:

Access this feature under Manage > Advanced > Case Templates.

How to Configure:

  • Create templates with predefined fields, workflows, and tasks.
  • Set default assignments and permissions for each template.

How to Use:

  • Use templates to ensure consistency across similar cases.
  • Modify templates as needed to reflect changes in your operational procedures.

Report Templates

Overview:

The Report Templates feature allows you to generate and export detailed reports on various activities within Argus Ticketing.

Location in Argus:

Go to Manage > Advanced > Report Templates.

How to Configure:

  • Define report templates with specific fields and filters.
  • Schedule automated report generation and distribution.

How to Use:

  • Use reports to monitor system performance, track case progress, and ensure compliance.
  • Export reports in various formats for external sharing and archiving.

Access Control

Overview:

Access Control in Argus Ticketing allows you to manage who can access what within your system. It includes authentication, user management, and group management.

Location in Argus:

Navigate to Manage > Advanced > Access Control to access this feature.

How to Configure:

  • Authentication: Configure authentication methods by selecting the Authentication tab. Here you can choose between various authentication methods, such as LDAP, SAML, or local authentication.
  • Groups: Manage user groups by clicking on the Groups tab. Create new groups, assign permissions, and manage existing ones.
  • Users: In the Users tab, you can add new users, assign them to groups, and manage their permissions.

How to Use:

  • Assign users to groups with appropriate permissions to ensure secure and organized access.
  • Use the authentication settings to enforce security policies.

Server Settings

Overview:

Server Settings allow you to configure the underlying infrastructure of the Argus Ticketing platform.

Location in Argus:

Access this feature under Manage > Advanced > Server Settings.

How to Configure:

  • Adjust server parameters like memory usage, database settings, and network configurations.
  • Set up monitoring and alerting for server health.

How to Use:

  • Regularly monitor server performance and adjust settings to ensure optimal operation.
  • Use alerts to proactively manage server issues.
