This documentation supports the 25.1 version of BMC Helix for Security Incident Handling.To view an earlier version, select the version from the Product version menu.

Adding and managing evidence

You can add evidence for a security case after it moves into the Assigned status. You can either add attachments, or links to the attachments or to websites as evidence. You can add attachments or up to 3 links as evidence to a security case.

After you add the evidence, you cannot modify it. You can only view the evidence and modify the description for the evidence. 

All actions that are performed on the evidence are captured in the evidence log and can be viewed in a separate pane on the case details page.

Related topics

Evidence-and-evidence-log

Before you begin

Make sure that you have write permissions for a security case to add evidence.

To add evidence to a security case

  1. Open a security case that is in the Assigned or later status.
  2. On the case details page, on the Evidence tab, click + Evidence.
  3. On the Create Evidence page, specify the Name and Description for the evidence.
  4. In the Collected By field, select the user who collected the evidence from the drop-down list.
    You can now view details of the user such as name, email ID, login ID, contact number and profile picture from the drop down list.
  5. Specify the Collected time and Source of the evidence.
  6. To add links as evidence, click + Link.
  7. Specify the Label and URL of the link.
  8. To add attachments as evidence, click Attach.
  9. Select a file from your local drive.
  10. Click Save.

To view the evidence log in a security case

  1. Open a security case that is in the Assigned or later status.
  2. On the case details page, on the Evidence tab, click the name of the evidence.
  3. On the Evidence > General tab, view the details of the evidence.
  4. (Optional) To change the description of the evidence, complete the following steps:
    1. Click Edit.
    2. Modify the description.
    3. Click Save.
  5. On the Evidence details pane, click Activity log.
    The name of the user who viewed or downloaded the attachment, and edited the description of the evidence is displayed in reverse chronological order. 
  6. To download the evidence log, click Download.
    The evidence log is available for downloading in PDF format.
  7. Click Close.

Where to go from here

Resolving-security-cases

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*