Built for the people
who own the file.

The case file does
the paperwork.

You're the one running the matter — interviews, evidence, leads, the next call. CaseAgent keeps the canonical record current as you work, so the file is always closure-ready and you stop re-typing what already happened.

• Leads, evidence, and notes attached to the matter as you go — not at the end
• Triage intake into a case in one panel; no copy-paste between tools
• Activity log writes itself — chain of custody from first tip to final decision

• EmailAug 12 thread — vendor POsha256 verified
• DocPO discrepancy worksheet.xlsxsha256 verified
• NoteWitness interview — A. Pereiralogged 2h ago
• LeadBadge logs — bldg 3 weekendL-7198

Run the function,
not the queue.

You see across every matter and every investigator. CaseAgent gives you the operational picture — who owns what, what's behind on its due date, where the bottleneck is — without weekly status calls to compile it.

• Live view of every open matter, owner, and due date; no spreadsheet rebuild
• Reassign workloads, configure templates, and set access policies in-product
• Metrics that drill: click any number to see the cases driving it

• M. Kapur
  9 · 2
• R. Patel
  7 · 1
• J. Liu
  5 · 0
• A. Tate
  4 · 1

Defensible
by default.

When the regulator, the auditor, or opposing counsel asks how you handled a matter, the answer should already be in the file. CaseAgent gives you the chain of custody, the access record, and the legal hold without having to reconstruct anything.

• Tamper-evident activity log — who saw what, when, and why, hash-chained and verified daily
• Issue legal holds in-product; artifacts frozen, custodian acks tracked
• Per-case access policies; nothing leaves the system without audit

• Today 10:42M. KapurIssued legal hold · 4 custodians
• Today 09:15R. PatelAcknowledged hold notice
• YesterdayJ. LiuViewed evidence E-19 · sha256 verified
• 2d agoA. TateRestricted access — counsel only

The picture,
not the noise.

You don't need every case detail. You need to know the function is healthy, the risk is contained, and the numbers you'll quote to the board are defensible. CaseAgent surfaces the operational truth without you having to ask for it.

• Board-ready dashboards: volume, time-to-resolve, due-date adherence, reopen rate
• Sign-offs routed to you with the full case context, not a summary email

Defensible from
the IdP to the audit log.

You don't make investigation decisions — you make sure the system the investigators use stands up to your auditors, your regulators, and your incident response playbook. CaseAgent gives you the identity hooks, the tamper-evident evidence trail, and the controls procurement asks for in week one.

• SAML SSO and SCIM 2.0 provisioning with Okta and Microsoft Entra ID; directory sync reconciles daily
• Custom roles built from a 50+ permission registry, mappable to your IdP groups
• Customer-managed encryption keys (BYOK) via AWS or GCP KMS — every decrypt logged with user, action, and case
• Outbound signed webhooks (HMAC-SHA-256, retry-aware, secret rotation) into your SIEM or SOAR
• Off-site immutable backups with object lock; quarterly restore drills
• API tokens, break-glass access, and an action-type audit log with 100+ tracked operations

• Today 11:08SCIMOkta · created user m.lee@acme.com · group: Investigators
• Today 10:54RoleMapped group "Compliance-Leads" → CaseAgent role "Compliance Approver"
• Today 09:42KMSAWS KMS decrypt · case CA-2041 · actor a.wilson · evidence E-19
• YesterdayBreak-glassExecutive-approved CASE_READ · 30-min scope · all access logged
• YesterdayWebhookINTAKE_SUBMITTED → siem.acme.net · 200 · signed delivery