
[TRACKER] Case management

Open daryllimyt opened this issue 10 months ago • 0 comments

Description

  • Currently, state management is in preview mode

Roadmap

  • [ ] [v0] Basic case management with timeline

Todos

High priority

  • [x] Autocomplete
    • [x] Basic persistence #57
    • [x] Implement user controls to commit and overwrite autocompleted values #60
    • [x] Adjust this so it only applies autocomplete for Tag and Action, not Context. Context should be populated by data in the workflow
  • [x] Update case content inside the sliding side panel
    • [x] Refactor and extend SMAC to include T (Tags) #66
      • [x] Action -> Multi-select of short, well-defined todos. != runbook -- UI: [v0] single select [v1] multi select #66
      • [x] Context -> metadata regarding the payload, e.g. user email, geo IP, etc -- UI: Flat KV #66
      • [x] Suppressions -> condition: result -- UI: Flat KV #64
      • [x] Tags -> Categories associated with the payload, e.g. MITRE ATT&CK TTPs -- UI: Flat KV #64
    • [x] Remove runbooks
    • [x] Remove metrics
  • [ ] Deduplication
    • [ ] Include identifiers
      • [ ] this needs to be designed in a way that can easily leverage AI features
    • [ ] [v0] use SHA256 hashes for exact matches
  • [x] Basic controls (baseline usability)
    • [x] Fine-grained case controls
      • [x] Changing and synchronizing priority #80
      • [x] Changing and synchronizing status #78
      • [x] [v0] Clearing cases from the case table - scope this to just mark as closed, remains in table
        • [x] Current issue - trying to check this box actually triggers the onClick handler as well. #81
    • [ ] Viewing history/archives - this is more if cases are actually removed from the table. For now, can just filter the table to not include closed cases.
  • [ ] Timeline + audit trail
    • [x] [v0] Basic trail #89
      • [x] When was the case opened
      • [x] When did any case fields change
      • [x] When was the case closed (no special case for this just use change status to closed)
  • [ ] Tagging
    • [x] Add AI Flair #73
    • [x] #91
    • [ ] [v0.5] Case-by-case tag addition; Do something with the checkboxes?; Users can add tags post-case creation
    • [ ] [v1] Users can create tags in case nodes and define their own tags for a workflow, has control over what tags autocomplete uses.

Low priority

  • [ ] Advanced controls
    • [x] Case nodes that can update case state (see torq)
    • [ ] Two way sync with external ticketing system
  • [ ] Metrics
    • [x] Remove bar charts
    • [ ] Summary statistics
    • [ ] Time series

daryllimyt, Apr 15 '24 16:04