Simulate Cases
You have the option to create a “ready made case” by simulating a case populated with system default alerts. Simulated Cases can be useful in staging environments or for trial purposes such as creating a demo. You can also create cases or import an existing case in a JSON format to use as a simulated case.
To simulate a case:
- Click the icon and select Simulate Cases.
- Select a simulated case from one of the following options: default cases in Chronicle SOAR, cases installed from the Marketplace Use Cases, or cases that you have imported, or created.
- Click Create.
To create a new case:
- Click on the icon, then click Simulate Cases.
- In the Simulate Cases dialog box, click on the icon, then click Add New Case.
- In the Add New Case dialog box, enter the source Name, Rule Name (Rule Generator, Alert Product, Alert Name, Event Name and if you choose, additional Alert/Event fields.
- Click Save. Your new case now appears in the drop-down list in the Simulate Cases dialog box.
- Select the case you created and click Create.
- Next, select the required environment and click Simulate. The new case will appear in the queue.
To import a case in a JSON file:
- Click on the icon, then click Simulate Cases.
- In the Simulate Cases dialog box, click on icon, then click Import Case.
- Select the required case and click Open. The case is imported in a JSON format.