A base that can contain cybersecurity incidents that get generated by a SIEM or SOAR tool. The base can be extended with additional metadata when incidents require additional fields. Indicators of Compromise (IoCs) can be tracked across multiple cases allowing for some basic threat intelligence use cases as well. An Interface is available for security analysts to manage each record and triage the alert with notes and other findings.