You have the option to create a “ready made case” by simulating a case populated with system default alerts. Simulated Cases can be useful in staging environments or for trial purposes such as creating a demo. You can also create cases or import an existing case in a JSON format to use as a simulated case. 

To simulate a case:

  1. Click the  icon and select Simulate Cases.
  2. Select a simulated case from one of the following options: default cases in Chronicle SOAR, cases installed from the Marketplace Use Cases, or cases that you have imported, or created.
  3. Click Create.

To create a new case:

  1. Click on the icon, then click Simulate Cases.
     
  2. In the Simulate Cases dialog box, click on the icon, then click Add New Case.
  3. In the Add New Case dialog box, enter the source Name, Rule Name (Rule Generator, Alert Product, Alert Name, Event Name and if you choose, additional Alert/Event fields.
  4. Click Save. Your new case now appears in the drop-down list in the Simulate Cases dialog box.
  5. Select the case you created and click Create.
  6. Next, select the required environment and click Simulate. The new case will appear in the queue.

To import a case in a JSON file:

  1. Click on the icon, then click Simulate Cases.
  2. In the Simulate Cases dialog box, click on icon, then click Import Case.
  3. Select the required case and click Open. The case is imported in a JSON format.