Detection & Response

The Case List screen in the SmartWAN Portal, accessible under the "Detection & Response" section, provides a detailed list of cases generated by analyzing event logs. This screen allows users to view and manage security and network-related incidents efficiently.

• Filters and Search:
  • Customer and Asset Selection: Dropdown menus at the top (e.g., "Select a customer," "Select an asset") to filter cases by specific customers or assets.
  • Date Range: A date picker to filter cases within a specific time period (e.g., 2024/09/30 - 2024/10/30).
  • Advanced Search: A button on the right to access advanced search options for more granular filtering.
• Case Summary:
  • Displays the total number of cases (e.g., 279 cases) and the total results (e.g., 2,193 cases) for the selected filters.
• Case Table:
  • A table listing cases with columns such as:
    • Event Type: Type of event (e.g., Raw Packet).
    • Source Asset: Source of the event.
    • Destination Asset: Destination of the event.
    • Rule: Applied rule.
    • Source IP: Source IP address.
    • Destination Port: Destination port.
    • Time: Timestamp of the event.
    • Raw Packet: A column with a clickable icon to view raw packet details (e.g., BSX525D9252F...).
• Notification Settings:
  • A "Notification Settings" button at the top-right corner to configure alert preferences.

Customer Selection:

• Dropdown Menu: Displays a list of available customers (e.g., SK Telecom, Samsung Electronics, KT&G, Ericsson, Coca Cola, General Electric, BMW).
• Action: Click the "Select a customer" dropdown to choose a customer, filtering the case list to show only cases related to the selected customer.

Multi-Tenant Support:

• Each customer is represented, indicating secure separation of data in the multi-tenant environment.
• The associated assets for the selected customer are displayed.