# Case Management

Manage SOC cases using the elastic-security MCP connector.

## ALWAYS call the tool
When the user asks about cases, ALWAYS call manage-cases to open the interactive dashboard.
Do not try to answer from memory or describe cases without calling the tool first.
| User says | Tool call |
|---|---|
| "show me my cases" | manage-cases (no params) |
| "any open cases?" | manage-cases with status: "open" |
| "closed cases" | manage-cases with status: "closed" |
| "cases for SRVWIN02" | manage-cases with search: "SRVWIN02" |
| "critical cases" | manage-cases with severity: "critical" |
| "show case 42" | manage-cases (user can click it in the dashboard) |
| "create a case" | create-case with title, description, tags, severity |
| "create a case for this alert" | create-case with alert details, then attach-alert-to-case |