Find Relevant Case
by dandye
Search for existing SOAR cases related to specific indicators or entities. Use to find correlation with other investigations before starting new analysis. Takes search terms and returns matching case IDs.
---
name: find-relevant-case
description: "Search for existing SOAR cases related to specific indicators or entities. Use to find correlation with other investigations before starting new analysis. Takes search terms and returns matching case IDs."
required_roles:
  soar: roles/chronicle.editor
personas: [tier1-analyst, tier2-analyst, tier3-analyst, incident-responder]
---
Find Relevant Case Skill
Identify existing SOAR cases that may be related to the current investigation based on IOCs, hostnames, usernames, or other entities.
Inputs
- SEARCH_TERMS - List of values to search for (e.g., ["198.51.100.10", "mikeross-pc", "jsmith"]) - (Optional)
- CASE_STATUS_FILTER - Filter by status: "Opened", "Closed" (default: "Opened") - (Optional)
- TIME_FRAME_HOURS - Lookback period, in hours, for case creation/update - (Optional)
- MAX_RESULTS - Maximum number of cases to return
Workflow
Step 1: Construct Search Filter
Build a filter for list_cases from the search terms, the status filter, and the lookback window.
Note: The list_cases tool may have limited ability to search within case entities. If direct entity search isn't supported, use broader filters and refine results.
Step 2: Execute Search
```
secops-soar.list_cases(
    filter=constructed_filter,
    limit=MAX_RESULTS
)
```
Step 3: Process Results
Extract case IDs and basic details (DisplayName, Priority) from results.
Step 4: (Optional) Refine Results
If there are too many results, or the filter could only match broadly (for example on case title rather than on entities), call get_case_full_details on the candidate cases and confirm that the searched entity is actually present, as an exact match rather than a substring hit:
```
secops-soar.get_case_full_details(case_id=candidate_case_id)
```
Outputs
| Output | Description |
|---|---|
| RELEVANT_CASE_IDS | List of case IDs that match the search |
| RELEVANT_CASE_SUMMARIES | Brief summaries (ID, name, priority) |
| FIND_CASE_STATUS | Success/failure status of the search |
Limitations & Workarounds
The list_cases tool may not support direct entity searching. Alternatives:
- Broader filters - Use time range, alert type, then manually review
- SIEM correlation - Search SIEM for entity, check if events belong to a SOAR case
- Multiple searches - Search each term separately, then merge the results and de-duplicate by case ID
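Worked example of Steps 1-4 combined with the "Multiple searches" workaround above. This is an added example, not the skill's own code, and it does not call the real secops-soar MCP tools: the `list_cases` and `get_case_full_details` functions below are stand-ins with an assumed return shape, running over constructed sample cases (a fixed "now" and four invented case records) so the whole flow executes offline. It searches once per term, merges hits by case ID, then confirms each candidate against the full case details with an exact match on normalized entity values. That last step is what drops the substring false positive a broad filter returns (a case on 198.51.100.100 for a search on 198.51.100.10), and it is why IPs are normalized through `ipaddress` while hostnames and usernames are compared case-insensitively.

```python
"""
find_relevant_cases: added worked example for this skill's workflow.

Not the skill's own code and not the secops-soar MCP tools: list_cases() and
get_case_full_details() below are stand-ins with an ASSUMED return shape,
running over constructed sample cases so the whole flow executes offline.
"""
from __future__ import annotations

import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample data (invented case records, not real SOAR output).
# A fixed "now" keeps the lookback window deterministic.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

SAMPLE_CASES = {
    101: {"id": 101, "display_name": "Suspicious login for jsmith", "priority": "High",
          "status": "Opened", "modified": NOW - timedelta(hours=5),
          "entities": [{"type": "USER", "identifier": "JSMITH"},
                       {"type": "ADDRESS", "identifier": "198.51.100.10"}]},
    102: {"id": 102, "display_name": "Blocked traffic from 198.51.100.100", "priority": "Low",
          "status": "Opened", "modified": NOW - timedelta(hours=2),
          "entities": [{"type": "ADDRESS", "identifier": "198.51.100.100"}]},
    103: {"id": 103, "display_name": "Malware on mikeross-pc", "priority": "Medium",
          "status": "Closed", "modified": NOW - timedelta(hours=90),
          "entities": [{"type": "HOSTNAME", "identifier": "MIKEROSS-PC"}]},
    104: {"id": 104, "display_name": "Beaconing host", "priority": "Critical",
          "status": "Opened", "modified": NOW - timedelta(hours=20),
          "entities": [{"type": "HOSTNAME", "identifier": "mikeross-pc"},
                       {"type": "ADDRESS", "identifier": "198.51.100.10"}]},
}


def normalize(value: str) -> str:
    """Canonical form for exact entity comparison: IPs go through ipaddress
    (so 2001:DB8::1 and 2001:db8:0:0:0:0:0:1 compare equal); hostnames and
    usernames are lower-cased with any trailing dot removed."""
    v = value.strip()
    try:
        return str(ipaddress.ip_address(v))
    except ValueError:
        return v.lower().rstrip(".")


def list_cases(case_filter: dict, limit: int) -> list[dict]:
    """Stand-in for secops-soar.list_cases (assumed shape). Applies the status
    and lookback filters, then a deliberately BROAD case-insensitive substring
    match over display name and entity identifiers, mimicking a search that
    cannot do exact entity lookups."""
    term = case_filter["term"].lower()
    since = NOW - timedelta(hours=case_filter["hours"])
    hits = []
    for case in SAMPLE_CASES.values():
        if case["status"] != case_filter["status"] or case["modified"] < since:
            continue
        haystack = [case["display_name"]] + [e["identifier"] for e in case["entities"]]
        if any(term in h.lower() for h in haystack):
            hits.append({"id": case["id"], "display_name": case["display_name"],
                         "priority": case["priority"]})
    return hits[:limit]


def get_case_full_details(case_id: int) -> dict:
    """Stand-in for secops-soar.get_case_full_details (assumed shape)."""
    return SAMPLE_CASES[case_id]


def find_relevant_cases(search_terms: list[str], case_status_filter: str = "Opened",
                        time_frame_hours: int = 24, max_results: int = 10) -> dict:
    """Steps 1-4 of the skill plus the 'multiple searches' workaround."""
    wanted = {normalize(t): t for t in search_terms}
    candidates: dict[int, dict] = {}
    for term in search_terms:                              # one search per term ...
        case_filter = {"term": term, "status": case_status_filter, "hours": time_frame_hours}
        for hit in list_cases(case_filter, max_results):
            candidates.setdefault(hit["id"], hit)          # ... merged and de-duplicated by case ID
    summaries = []
    for case_id in sorted(candidates):                     # Step 4: verify entity presence exactly
        present = {normalize(e["identifier"]) for e in get_case_full_details(case_id)["entities"]}
        matched = sorted(wanted[n] for n in wanted if n in present)
        if matched:                                        # substring-only hits (198.51.100.100) drop out here
            hit = candidates[case_id]
            summaries.append({"id": case_id, "name": hit["display_name"],
                              "priority": hit["priority"], "matched_terms": matched})
    summaries = summaries[:max_results]
    return {"RELEVANT_CASE_IDS": [s["id"] for s in summaries],
            "RELEVANT_CASE_SUMMARIES": summaries,
            "FIND_CASE_STATUS": "success" if summaries else "no_matches"}


if __name__ == "__main__":
    print(find_relevant_cases(["198.51.100.10", "mikeross-pc", "jsmith"]))
```

With the sample data, the three search terms yield candidates 101, 102 and 104; case 102 is discarded at the verification step because its entity is 198.51.100.100, not 198.51.100.10, and case 103 is excluded by the "Opened" status filter and the 24-hour window until both are widened. The returned dictionary uses the same three output names as the table above, with each summary also recording which search terms it matched so the analyst can see why a case was pulled in.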