Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03
Oracle Adaptive Access Manager provides a set of tools for creating and supporting two different types of cases: Customer Service Representative (CSR) Cases and Agent Cases.
CSR Cases are used in customer care situations that arise in the normal course of doing business online and over the phone when providing assistance to customers. The customer support representatives can use the CSR set of tools for handling inquiries associated with Adaptive Risk Manager.
Agent Cases are used specifically by fraud investigators and investigation managers for analyzing data and finding relationships between sessions and cases. When an investigator links sessions and cases, Oracle Adaptive Access Manager can search the data for suspicious activity.
This chapter provides information about CSR cases and Agent cases, case dispositions, and case workflow.
The procedures for managing CSR and Agent cases are identical for searching and closing cases, changing a case's status and severity level, and adding notes.
Oracle Adaptive Access Manager provides the Search User Cases page to quickly locate a CSR case or an Agent case in the system. You can search the list by Application ID, username, case number, keyword, or date range. You can also filter the list by severity level, case status, disposition, or expired/overdue.
After you locate the case you want, you can click the case ID to view the case details.
When you have located a specific case or created a new case, you have the option of performing several different tasks. The Search Cases page also enables you to create a new CSR or Agent case.
To view a list of all CSR cases
Click Search Cases on the Cases menu.
The Search User Cases page appears.
To locate cases for a specific end user, enter the User Name.
To locate a specific case, enter the case number.
To locate a case by a keyword that appears in the description, enter the word you want.
To locate cases by the date on which the last action occurred or by case create date, click the calendar icons and then click the start and end dates you want.
To filter the list by case severity level, select the severity level you want.
The severity level is a marker to communicate to case personnel how severe this case is. The severity level is set by whoever creates the case. The available severity levels are High, Medium, and Low. If a customer suspects fraud, then the severity level assigned is "High." If the customer wants a different image, then the severity level assigned is "Low." Severity levels of a case can be escalated or de-escalated as necessary.
To filter the list by case status, select the status you want.
Status is the "current" state of a case. Status values used for a case are New, Pending, or Closed. When a case is created, the status is set to New by default.
To filter the list by case type, select the type you want.
CSR - CSR cases are used in customer care situations that arise in the normal course of doing business online and over the phone when providing assistance to customers.
Agent - Agent cases are the cases that fraud investigators and investigation managers work on. They are used specifically for analyzing data and finding relationships between sessions and cases.
To filter the list by disposition, select the disposition you want.
The disposition describes the way in which the issue was resolved in a case. Cases only have dispositions when they're closed. If a case has any status besides closed, the disposition is left blank.
The dispositions to choose from are:
Confirmed Fraud
Duplicate
False Negative
False Positive
Issue Pending
Issue Resolved
Not Fraud
To filter the list by expired/overdue, select the option you want.
The options available are:
Show All
Hide
Show Only
Click Run Query.
The Search User Cases page enables you to change the Severity, Status, and Expiration Date settings for multiple cases at once.
To change the case settings for multiple cases at once:
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Select the check box next to each case you want to edit.
Click Edit Cases.
The Edit Cases page appears.
Change the case settings you want and click Apply Edit.
This section provides information about viewing, creating, and specifying the disposition of a CSR case.
Customer Service personnel can access various functionality in Adaptive Risk Manager based on the role to which they are assigned. The default, built-in roles include Customer Service Representative and Customer Service Representative Manager.
Customer Service Representative
CSRs have very limited access to Adaptive Risk Manager. CSRs have access to search, open, and create CSR type cases. There are no outward facing hyperlinks in any of the screens CSRs have access to. CSRs have access to a limited list of actions and no access to bulk edit functions on the Search User Cases page.
Customer Service Representative Manager
CSR Managers have the access privileges of CSRs and some other limited functionality. Members cannot create Agent cases, and the Actions, Log, and Linked/Related tabs are hidden in Agent cases.
A CSR case is a record of related customer care events and actions for a single customer. Multiple cases also provide a way of segregating unrelated issues and actions for a customer.
CSR cases are used by the customer service representative while assisting a customer.
To create a new CSR case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Enter your User Id or User Name and Application ID (if applicable) at the top of the page.
Enter a description of the case at the top of the page.
Select CSR from the Case Type menu at the top of the page.
Select a severity level from the Severity Level list at the top of the page.
Click Create Case.
The Case Details page appears and displays the logins for that user.
You can take action in a CSR case to add notes, reset challenge questions, change the severity level or status of a case, escalate a case, enable a temporary allow, reset the image and phrase, or extend expiration date for a case.
Status refers to the current state of a case, to whether it is new, pending, or closed. Adaptive Risk Manager Online automatically assigns the status of "New" to each case when it is created. You need to change the status to Pending once the case is escalated.
To change the status of a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Change Status.
The Status list appears below the Action list with contextual instructions.
In the Status list, click the status you want.
You can select New, Pending, or Closed.
If you select Closed, the disposition menu appears, from which you need to select the reason why you are closing the case.
Enter a note describing why you are taking the action.
You can select from existing notes or enter a new note.
Click Submit.
Each time you take an action in a case you are required to enter a note describing why you are taking the action. You can also select the action "Add Note" with the express purpose of adding a note to a case. In this instance, you can either add a "Standard" note that can be written and read by customer service representatives, managers, and investigators; or you can add a "Restricted" note that can only be written by investigators and read by customer service managers and investigators.
To add a note to a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Add Notes.
The Notes field appears to the right.
Enter a note.
Click Submit.
When a case is created it is assigned a severity level to indicate its importance. The severity level is shown on the Case Details page. The available severity levels are High (Red), Medium (Yellow), and Low (Blue). If a customer suspects fraud, then the severity level assigned would be High. If the customer wants a different image, then the severity level assigned would be Low. You can escalate or de-escalate the severity level of a case as necessary.
To escalate or de-escalate the severity level of a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Change Severity.
The Severity list appears below the Action list.
In the Severity list, click the severity level you want.
Enter a note describing why you are taking the action.
You can select from existing notes or enter a new note.
Click Submit.
Authenticator uses images and phrases on its virtual authentication devices as part of the personalization to help prevent fraud. During phone contact with a customer you can reset their personal image and/or phrase. Authenticator also uses questions as additional credentials to help prevent fraud. You can reset these questions for the customer when necessary.
The Action tab on the Case page enables you to reset the following personal items for a customer:
Image—Randomly assigns a new image to the customer.
Phrase—Randomly assigns a new phrase to the customer.
Image & Phrase—Randomly assigns a new image and phrase to the customer.
Customer (All)—Deletes the customer's image, phrase, questions and question set. The customer will be sent through the registration flow the next time they log in.
Reset Questions—Deletes the current questions and answers. The customer will need to select new questions and answers from their question set the next time they log in.
Next Question—Advances the customer to the next challenge question in their list of registered questions. So if they are currently being asked question A, they will now be asked question B or C.
Reset Question Set—Deletes the current questions and answers and generates a new question set for them to register from.
Unlock Customer—If a customer is locked out of the system as a result of failed challenge questions, Unlock Customer resets the customer's failure counter.
Ask Question—Displays a challenge question for the CSR to ask the customer and a field to enter customer's response.
To reset a customer's image
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Customer Resets.
The User Item list appears below the Action list.
In the User Item list, click Image.
The Notes list appears.
In the Notes list, click the note you want.
If you select "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online generates a new image. Inform the customer that they will see a new personal image in their Authenticator the next time they log in to the Web site but their phrase will be unchanged.
To reset a customer's phrase
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click Actions.
In the Action list, click Customer Resets.
The User Item list appears below the Action list.
In the User Item list, click Phrase.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online generates a new phrase. Inform the customer that they will see a new security phrase in their Authenticator the next time they log in to the Web site but their personal image will be unchanged.
To reset a customer's image and phrase
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Customer Resets.
The User Item list appears below the Action list.
In the User Item list, click Image & Phrase.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online generates a new image and phrase. Inform the customer that they will see a new personal image and security phrase in their Authenticator the next time they log in to the Web site.
To reset a customer's security questions, question set, image, and phrase
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Customer Resets.
The User Item list appears below the Action list.
In the User Item list, click Customer (All).
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online resets the customer's security questions, question set, image and phrase. Inform the customer that they will go through security registration the next time they log in to the Web site.
To reset a customer's questions
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Challenge Questions.
The Item list appears below the Action list.
In the Item list, click Questions.
In the Notes list, click the note you want.
If you selected "Other" in the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online deletes the existing questions and answers. Inform the customer that they will go through security questions registration the next time they log in to the Web site.
To increment a customer to their next question
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Challenge Questions.
The Item list appears below the Action list.
In the Item list, click Next Question.
In the Notes list, click the note you want.
If you selected "Other" in the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online allows the customer to proceed to the next question. Inform the customer that they will be asked a different security question the next time they log in to the Web site.
To reset a customer's security questions and the set of questions to pick from
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Challenge Questions.
The Item list appears below the Action list.
In the Item list, click Reset Question Set.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
Adaptive Risk Manager Online resets the customer's security questions and the set of questions they may register questions from. Inform the customer that they will go through security questions registration the next time they log in to the Web site.
To unlock a customer
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Challenge Questions.
The Item list appears below the Action list.
In the Item list, click Unlock Customer.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
To extend expiration date
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Extend Expiration Date.
The Extension list appears below the Action list.
In the Extension list, choose the length of time you want the expiration to be extended to.
In the Notes list, click the note you want: Extended or Other.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
To use a customer's challenge questions for phone authentication
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Challenge Questions.
The Item list appears below the Action list.
In the Item list, click Ask Question.
A challenge question appears in the Question field.
Ask the customer the question.
Enter the customer's answer in the Answer field.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
If the customer answers the question correctly, the system automatically takes appropriate action depending on their status, such as unlocking the customer if they were locked out.
If the customer answers the question incorrectly, they will get additional attempts at that question (depending on configuration). If the customer exceeds the maximum number of failures for a question, another question appears in the Question field. If you ask the customer two or more questions in this process, and they answer successfully, their questions are automatically reset.
If you ask all of the questions and the customer failed all attempts at each question, the customer will be locked out of online access.
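The Ask Question outcomes described above, modelled as a small state machine. This is an added example, not Oracle code: the class and field names, the default of three attempts per question, and the case- and whitespace-insensitive answer comparison are assumptions, and the customer data is constructed.

```python
from dataclasses import dataclass, field


def _normalise(text: str) -> str:
    # Assumed comparison rule: ignore case and surrounding/repeated whitespace.
    return " ".join(text.lower().split())


@dataclass
class Customer:
    answers: dict                  # question -> registered answer (constructed data)
    locked: bool = False
    questions_reset: bool = False


@dataclass
class AskQuestionSession:
    customer: Customer
    csr_id: str
    max_attempts: int = 3          # assumed; the guide says "depending on configuration"
    asked: int = 0                 # questions shown in the Question field so far
    failures: int = 0              # failed attempts at the current question
    outcome: str = ""              # empty while the session is still open
    log: list = field(default_factory=list)

    def __post_init__(self):
        self._pending = list(self.customer.answers)
        self._advance()
        if self.current is None:
            raise ValueError("customer has no registered questions")

    def _advance(self):
        """Show the next registered question, or None when all are used up."""
        self.current = self._pending.pop(0) if self._pending else None
        self.failures = 0
        if self.current is not None:
            self.asked += 1

    def submit(self, answer: str, note: str) -> str:
        """Record the customer's spoken answer as typed by the CSR."""
        if self.outcome:
            raise RuntimeError("session already finished: " + self.outcome)
        if not note.strip():
            # Every case action requires a note explaining why it was taken.
            raise ValueError("a note is required for every case action")

        expected = self.customer.answers[self.current]
        if _normalise(answer) == _normalise(expected):
            result = self.outcome = "verified"
            self.customer.locked = False              # unlock if they were locked out
            if self.asked >= 2:                       # two or more questions were asked
                self.customer.questions_reset = True
        else:
            self.failures += 1
            if self.failures < self.max_attempts:
                result = "retry"                      # another attempt at the same question
            else:
                self._advance()
                if self.current is None:              # every question has been failed
                    self.customer.locked = True
                    result = self.outcome = "locked_out"
                else:
                    result = "next_question"
        # Keep who acted, what happened and why, as the case log does.
        self.log.append((self.csr_id, result, note))
        return result


if __name__ == "__main__":
    caller = Customer({"First pet?": "Rex", "Birth city?": "Lyon"}, locked=True)
    session = AskQuestionSession(caller, csr_id="csr01")
    for spoken in ("Max", "Buddy", "Spot", "lyon"):
        print(session.current, "->", session.submit(spoken, "phone verification"))
    print("locked:", caller.locked, "questions reset:", caller.questions_reset)
```

The model makes one consequence of the documented flow explicit: a caller who fails the first question but passes a later one is both unlocked and sent back through question registration at the next login.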
A customer may be blocked from logging in or performing transactions if a security rule is being triggered. For example, they may be traveling on business and attempting to log in from a blacklisted country and the system has blocked them. You can use the Temporary Allow feature to grant temporary account access to a customer who is being blocked from logging in or performing a transaction.
To allow a blocked customer temporarily
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Temporary Allow.
The Allow list appears below the Action list.
In the Allow list, select the desired temporary allow.
If you select "Select End Date", click the calendar icon and click the end date you want.
Click in the Notes box and select the type of note you want.
If you want to terminate an active allow for a customer, select Cancel to remove it.
If you selected Other as the note type, enter a note describing why you are taking the action.
Click Submit.
Your customers can elect to register their device during registration. A customer might, for example, register their office or home computers, but not register a computer they might use on a business trip.
The rules administrator could then write or configure rules based on a device registered flag. For example, they could configure a rule that would always challenge the customer if their current device is not registered. Or they could create a larger rule that would take the fact that the device is not registered into account.
As a CSR you can unregister all of a customer's devices through the Actions tab on the Case Details page.
To unregister a customer's devices
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want.
The Case Details page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Customer Resets.
The User Item list appears below the Action list.
In the User Item list, click Unregister Devices.
In the Notes list, click the note you want.
If you selected "Other" from the Notes list, enter a note describing why you are taking the action.
Click Submit.
All of the customer's devices are unregistered.
Adaptive Risk Manager Online maintains a unique log of every customer service action taken while working on a case. Each log entry includes the log ID, CSR user ID, log code, and notes. You can use this Log while you are in phone contact with a customer to view the case history.
You can search the log of a case by CSR user ID, notes keyword, date range, or action keyword. You can also filter the log by log code.
To view a log of all activity within a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Log tab.
The activity log for that case appears at the bottom of the page.
To search the log of a case
Display the log for the case you want to search.
Enter search criteria in the fields for CSR ID, Notes Keyword, Action Keyword, or date range.
Click Run Query.
To filter a log by log code
Display the log for the case you want to filter.
In the Log Code list, select the log code you want.
Click Run Query.
When you are in telephone contact with a customer you can view a list of that customer's previous logins. The list of logins provides information about authentication status, login time, device ID, location, and alerts.
To view a list of a customer's logins
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
The list of past logins for that case appears at the bottom of the page.
To search for a customer's logins by device ID or date range
Display the list of logins for the case.
To search the log by device ID, enter the ID of the device.
To search the log by date range, click the calendar icons and select the start date and the end date.
Click Run Query.
To filter the list of customer's logins by authentication status or alert level
Display the list of logins for the case.
To filter the log by authentication status, select the authentication status you want.
To filter the log by alert level, select the alert level you want.
Click Run Query.
By clicking the case number on the Search User Cases page, you can open an existing case. The case page provides such general details about the case as the customer's user name, status, severity level, and description. It also provides access to the actions that can be taken, a log of case activity, and a list of customer logins.
To view the case details, click the plus sign (+) next to Case at the top of the page.
The following information will be displayed in Case Details.
General Case Details
Case Created - The date and time the case was created.
Case Status - The case status can be New, Pending, or Closed. When a case is created, the status is set to New by default.
Severity Level - The severity level is set by whoever creates the case and is used as a marker to communicate to users how severe this case is.
Case Type - Agent or CSR
Disposition - When a case is closed the disposition describes the way in which the issue was resolved. Cases only have dispositions when they're closed. If a case has any status besides closed, the disposition is blank.
Expiration Date - The date when the CSR case expires. By default, the length of time before a case expires is 24 hours. After 24 hours, the status will change from New to Expired. After the case expires, the CSR user will not be able to open the case anymore, but the CSR manager will be able to. The length of time before a case expires is configurable in the customercare.properties file. Refer to the Oracle Adaptive Access Manager Developer's Guide for details on configuring the expiry behavior.
Description - The details for the case. A description is required.
Last Case Action - The last action executed for this user in the CSR case
Date of Last Case Action - The date when last action occurred.
Last Global Case Action - The last action that occurred for this user (identified by a combination of the Username and User ID) in ALL CSR cases. Agent cases are not taken into account.
Date of Last Global Case Action - The date when the last action was performed against the user online.
User Data
Username - User for whom case is created
User ID - Encrypted username
Application ID - The ID of the application.
In a multi-tenant deployment, CSRs will only have access to cases limited to their primary Application ID. CSR Managers and investigators can access cases from multiple applications.
Last Online Action - The last action that the user executed. For example, if the user answered a challenge question, this field shows "Challenge Question"; if the user is blocked, it shows "Block."
Date of Last Online Action - Date when last online action was executed.
Temporary Allow Expire Date - When temporary allow is enabled, this field tells you when it expires. If temporary allow is 7 days, the expiry date will be a week from today.
Temporary Allow Active - If temporary allow is active, this field shows "Yes;" otherwise the field shows "No."
Completed Registration - If user has completed registration, this field shows "Yes;" otherwise it shows "No." The user must complete all of the following tasks: personalizing a TextPad (image and phrase), and registering security questions and answers.
Questions Active - If the user has completed registration, but questions have been reset, and he hasn't gone back and registered new ones, this field displays "No." This field shows "Yes" if the user has completed registration and questions exist by which he can be challenged.
Personalization Active - When the user has an image, a phrase and questions active, this field displays "Yes." If any one of these is reset, this field displays "No."
Instructions to view details about logins, a log of actions, or a list of available actions are given below.
To view details about logins
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears which displays details about the case at the top and a list of the recent logins at the bottom.
To view a log of actions on this case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears.
Click the Log tab.
To view a list of actions available for a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears.
Click the Actions tab.
By clicking the user ID on the Search User Cases page, you can open the User ID Details page for an existing case. The page provides such general details about the user as the user name, user group, and application ID. It also provides access to details about the user group, devices associated with the user ID, locations associated with the user ID, alerts associated with the user ID, and so on.
Agent cases are tools that help investigators and investigation managers conduct an investigation by identifying data and relationships. Investigators link sessions to cases, for example sessions in which suspicious activity occurred or in which an alert was generated, so that Oracle Adaptive Access Manager can locate relationships or related cases based on the data in those linked sessions.
This section provides information about viewing, creating, linking cases, and specifying the disposition of an agent case.
To create a new agent case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Enter a description and choose a severity level. Agent cases are not associated with a particular user. Agent cases can be created with just a description and severity level, and so, they do not need a username or User ID. Enter your User ID or Username and Application ID (if applicable) at the top of the page.
Select Agent from the Case Type menu at the top of the page.
If you want, enter your User ID, Username, and Application ID (if applicable). Agent cases are not associated with a particular user. Agent cases can be created with just a description and severity level; therefore, they do not need a User ID or Username.
Click Create Case.
The Case Details page appears and displays the login sessions for that case.
Once the Agent case is created, any number of sessions can be selected for linking to the new Agent case. These sessions are the basis for the new case relationships.
The Case Details page provides such general details about the case as the customer's user name, status, severity level, and description.
To view the case details, click the plus sign (+) next to Case at the top of the page.
The following information will be displayed in Case Details.
Case Created - The date and time the case was created.
Case Status - The case status can be New, Pending, or Closed. When a case is created, the status is set to New by default.
Severity Level - The severity level is set by whoever creates the case and is used as a marker to communicate to users how severe this case is.
Case Type - Agent or CSR
Disposition - When a case is closed the disposition describes what the resolution was. If a case has any status besides closed the disposition is blank.
Expiration Date - Date when agent case expires. An agent case becomes overdue if not accessed by that date. Once the case is accessed, the expiration date will be reset to the new value and the case is active.
Overdue - If a case is open and has not been accessed for longer than the configured time range, the overdue flag is set so that managers can see cases needing attention. For example, if Agent cases are set to 24 hours, then the flag will be set to "overdue" if a case is open and has not been accessed in more than 24 hours. An overdue case will be refreshed for another 24 hours if an investigator accesses it. The overdue behavior is configurable in the customercare.properties file. Refer to the Oracle Adaptive Access Manager Developer's Guide for details.
Description - description of the case.
Last Case Action - The last case action executed for this Agent Case. There are no user details in agent cases.
Date of Last Case Action - Date when last case action was executed.
Sessions and/or data that you feel have specific importance to a case may be linked to a case.
The Link Sessions tab on the Case Details page displays a list of login sessions for the case you are investigating. You can search the list by entering search criteria to quickly find the desired login sessions. When found, you can link the sessions to the case to find relationships. You can link as many sessions as you think might be connected to an investigation, but at least one linked session must exist in order for linked sessions to be meaningful.
To find the login sessions you want
On the Case Details page, click the Link Sessions tab.
To filter sessions by authorization status, select the status you want from the Authorization Status menu.
To filter sessions by client type, select the type you want from the Client Type menu.
To filter sessions by alert level, select the alert you want from the Alert Level menu.
To locate sessions by Application ID, User ID, Username, Device ID, IP Address, Session ID, or Internal Session ID, enter the search criteria in the appropriate field.
To locate sessions within a specific time frame, click the To and From calendar icons and select the start and end dates you want.
Click Run Query.
To link sessions to cases
You can link sessions to cases. For example, an investigator could identify three sessions which were found to contain similar fraud. The sessions could be selected from a query and linked to an existing case.
Select the check box next to each session you want to link.
Click the plus sign (+) next to Enter Linking Notes at the top of the page and enter the notes you want about why you are linking the sessions.
Click Link.
The Linked/Related tab appears.
The Linked/Related tab provides four panels that display the linked sessions, related data types, related sessions, and related cases.
After you have linked the sessions you can select the data within the sessions that you want to use for finding relationships.
Related data points are highlighted in red.
The Linked Sessions panel displays all of the sessions that you linked. By default all of the sessions and data points within the sessions are preselected. The panel enables you to select and deselect the sessions and data points within those sessions that you want to use to build relationships.
In addition to the basic session information that Oracle Adaptive Access Manager uses to build relationships such as username, device ID, and location, you can also use transaction information, if it is available. You can include transaction entities such as shipping address and credit card number, which appear in the Transaction column, to find related data in sessions not included in the linked sessions.
To specify the data points you want
Select or deselect individual data points such as User ID, Username, Device ID, or IP Address that you want to include or exclude.
The related data points are displayed in red.
Click Refresh Relationships.
The data points selected in Linked Sessions are used as the foundation for relationships; they are used in the calculation of related cases and sessions. These data points will be highlighted in related sessions and related cases.
To unlink a session
Click to clear the check box next to the session you want to unlink.
Click the plus sign (+) next to Enter Linking Notes and enter notes about why you are unlinking the session.
Click Unlink.
The Related Data Type panel enables you to specify what types of data you want to use to create relationships. Selecting related data types is the same as selecting data points in Linked Sessions except that Transactions and Alerts are available choices in Related Data Types.
To specify the data types you want to include
Select the check box next to the data types you want: user ID, username, device ID, IP address, alerts, or transactions.
Click the plus sign (+) next to Enter Linking Notes and enter notes.
Click Link.
Click Refresh Relationships.
To specify particular values for the data types
On the Filter Related Sessions/Cases panel, enter the values you want in the data type fields.
Click Refresh Relationships.
Sessions that share data with the linked sessions are related and displayed in the Related Sessions panel. This panel enables you to link these cases to the ones in Linked Sessions.
To specify the sessions you want to link to the case
Select the sessions you want to link.
Click the plus sign (+) next to Enter Linking Notes and enter notes.
Click Link.
Click Refresh Relationships.
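A minimal model of the relationship logic described for the Linked Sessions and Related Sessions panels, added here as an illustration; it is not Oracle Adaptive Access Manager code. The session records, field names, and the `find_related_sessions` function are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample sessions; all field names and values are illustrative.
SESSIONS = {
    "S1": {"username": "jsmith", "device_id": "D-100", "ip_address": "198.51.100.7"},
    "S2": {"username": "jsmith", "device_id": "D-200", "ip_address": "198.51.100.9"},
    "S3": {"username": "mlee", "device_id": "D-100", "ip_address": "203.0.113.5"},
    "S4": {"username": "akhan", "device_id": "D-300", "ip_address": "198.51.100.9"},
    "S5": {"username": "tbrown", "device_id": "D-400", "ip_address": "192.0.2.44"},
}


def find_related_sessions(sessions, linked_ids, data_types, deselected=frozenset()):
    """Return {session_id: {data_type: value}} for unlinked sessions that share
    at least one selected data point with the linked sessions.

    deselected holds (session_id, data_type) pairs the investigator cleared
    in the Linked Sessions panel.
    """
    # Foundation: every selected data point taken from the linked sessions.
    foundation = defaultdict(set)
    for sid in linked_ids:
        for dtype in data_types:
            value = sessions[sid].get(dtype)
            if value is not None and (sid, dtype) not in deselected:
                foundation[dtype].add(value)

    related = {}
    for sid, fields in sessions.items():
        if sid in linked_ids:
            continue
        # Matching data points are the ones a UI would highlight.
        matches = {d: fields[d] for d in data_types
                   if fields.get(d) in foundation[d]}
        if matches:
            related[sid] = matches
    return related


if __name__ == "__main__":
    types = ("username", "device_id", "ip_address")
    # All data points preselected, as in the default panel state.
    print(find_related_sessions(SESSIONS, {"S1", "S2"}, types))
    # Deselecting S2's IP address removes the only link to S4.
    print(find_related_sessions(SESSIONS, {"S1", "S2"}, types,
                                deselected={("S2", "ip_address")}))
```

Deselecting a data point shrinks the foundation set, which is why refreshing relationships after changing the selection can drop sessions from the related list.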
Cases that share data with the linked sessions are related and are displayed in Related Cases. Search parameters are available to further narrow the view. The cases display the data points by which they are related. Each case number contains a link to the case. If there is another investigation in progress that is related to this one, you can define related cases in the Related Cases panel.
To specify the cases you want to include
Select the cases you want to include.
Click the plus sign (+) next to Enter Linking Notes and enter notes.
Click Link.
Click Refresh Relationships.
The Log tab displays a list of actions taken on the case to date and includes the log ID, CSR ID, date, log code, and notes.
You can take action in an agent case to add notes, change the severity level of a case, or change the status of a case.
Each time you take an action in a case you are required to enter a note describing why you are taking the action. You can also select the action "Add Note" with the express purpose of adding a note to a case.
To add a note to a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case Details page appears.
Click the Actions tab.
In the Action list, click Add Notes.
The Notes field appears to the right.
Enter a note.
Click Submit.
When a case is created it is assigned a severity level to indicate its importance. The severity level is shown on the Case Details. The available severity levels are High (Red), Medium (Yellow), and Low (Blue). You can escalate or de-escalate the severity level of a case as necessary.
To escalate or de-escalate the severity level of a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Change Severity.
The Severity list appears below the Action list.
In the Severity list, click the severity level you want.
Enter a note describing why you are taking the action.
You can select from a list of existing notes or enter a different note.
Click Submit.
You can change the status of a case to indicate new, pending, or closed. If you close a case you need to select the disposition indicating why the case is being closed.
To change the status of a case
Click Search Cases on the Cases menu.
The Search User Cases page appears.
Click the case number of the case you want to view.
The Case page appears and defaults to the Logins tab.
Click the Actions tab.
In the Action list, click Change Status.
The Status list appears below the Action list.
In the Status list, click the status you want.
If you select Closed, the Disposition menu appears from which you need to select the reason for closing the case.
Enter a note describing why you are taking the action.
You can select from a list of existing notes or enter a different note.
Click Submit.