Cases
Cases provide a central place to track incidents, document findings, and coordinate response efforts. Whether you're a security analyst triaging threats, a site reliability engineer responding to outages, or a platform engineer monitoring your Elastic Stack, cases keep alerts, evidence, and team communication together.
You can create cases in Elastic Security, Observability, or Stack Management depending on your workflow. Attach alerts and files, add comments and context, assign team members, and push updates to external systems like Jira or ServiceNow.
Start by creating your first case, then configure case settings to add external connectors, custom fields, and templates. Once you have cases, you can add alerts, files, and visualizations to document your investigation, and share cases with external systems.
If you're using Elastic Security, explore Security case features for additional capabilities like adding events and Timelines to cases.