To keep incident response repeatable, we recommend expressing case actions as a list of tags. For example, given a newly opened phishing email case, you might want to set the tags “quarantine” and “user-education”. Check out the MITRE D3FEND matrix for ideas.
Tracecat automatically fills the case context with the following MITRE ATT&CK labels (if applicable). For example:
Select the case you want to close in the case table.
The case side panel will open.
Use the case status dropdown menu to change the case status to Closed.