As the lead UX designer, I was tasked with revolutionizing LogRhythm's much-needed case management system through the development of an innovative panel architecture, enabling security analysts to seamlessly create, track, and manage incidents while maintaining their investigative momentum across the Axon platform.

Product | UX
Research
UI

Crafting a next-gen security incident manager

Disclaimer: Due to confidentiality agreements, the materials involved in this project are limited. I'd be glad to walk through my process in more detail on a call.

  • My Role

    Primary UX Designer

    Team

    1 UX Designer (Myself)

    1 Project Manager

    3 Dev

    Design Timeline

    9 weeks

This is an image of the implemented case management area and case panel

Limited workspace flexibility, complex security workflows, and scattered threat data made security analysts' jobs extremely challenging.

 

Teams were struggling to efficiently manage and respond to security threats due to disconnected tools and workflows. When I joined LogRhythm's Axon platform team, I saw an opportunity to revolutionize how analysts interact with security data.

How might we help security analysts quickly detect and respond to threats while reducing cognitive load?

What will help analysts work more efficiently?

Prior solutions focused heavily on technical capabilities but lacked deep understanding of analysts' workflows and mental models. We needed to better understand how analysts actually work to make informed design decisions.

  • Security analysts struggle with scattered case data and constant context switching during investigations, managing cases across multiple platform areas, which led to inefficient workflows and reduced response times. We needed a solution that would unify case management while allowing analysts to create and manage cases from anywhere in the platform.

    Core Objectives

    • Design a panel architecture that supports natural case management workflows

    • Enable immediate case creation and data association from any platform area

    • Create a scalable foundation that could support all future case-related features

    Project Stakeholders

    Internal

    • Security Analysts

    • Product & Engineering Teams

    • Technical Architecture

    External

    • Security Analysts

    • SOC Managers

    • Platform Administrators

This is a view of LogRhythm's legacy software case management feature

What I noticed

  • Case work and management are usually fragmented across the different SIEM platforms researched, forcing analysts to constantly switch contexts while investigating incidents

  • Essential case data and evidence were scattered, usually leaving an analyst with multiple browsers and tabs open, making it difficult to maintain a complete investigation view

  • The existing workflow didn't match how analysts naturally moved between detection, investigation, and response phases

What the platform needed

  • To create a unified case management system that aligned with analysts' natural investigation workflows

  • Present relevant case data and context from anywhere in the platform while maintaining investigation flow

  • Make case creation and evidence collection as seamless as possible to improve investigation efficiency and reduce context switching

This is an image of notes, research findings, and general workflow understanding of case

How do we help analysts manage and investigate cases more effectively?

Presenting Case Management Design Solution: Panel-based architecture proved essential for unified case management, but the implementation needed careful consideration. The challenge was balancing comprehensive case functionality with contextual, workflow-oriented views. I studied how analysts naturally created and managed cases across our legacy security platform and drew inspiration from their investigation patterns.

Design Process

Designing a platform-wide case management system revealed how critical architectural decisions are in supporting complex security operations. Getting the foundation right meant understanding not just how analysts work today, but how their investigation needs would evolve over time.

  • A phased research approach helped us balance immediate case management needs with a scalable panel architecture that could grow with the platform.

  • Close collaboration between design, product, and engineering leads across the 3-month timeline while helping scope out future phasing and feature needs for case.

  • Rapid iteration balanced with careful attention to platform-wide implementation requirements

  • Continuous feedback loops with 20+ security analysts, internal SOC, and key stakeholders

  • Strong design ethics in handling sensitive case data and evidence management

This methodology proved particularly effective when developing our panel architecture with the Details and Ledger widgets, where each stage built upon analyst insights while maintaining cross-platform consistency.

A view of a general phased approach to the analyst workflow involving case management, panel architecture, and investigative feature prioritization

I believe successful case management design emerges from the intersection of exploration, craft, and critical design thinking. This belief was reinforced during my work on this foundational project, where each phase moved through clear stages of understanding analyst needs, discovering workflow patterns, iterating on panel designs, implementing across 5 platform areas, and continuous learning through user feedback.

User-Centered Approach

This is a view of analyst investigative panel workflow from case management

Throughout my work on LogRhythm's SIEM platform, I've navigated several critical challenges.

Maneuvering Challenges in Case Management Designs

Designing for Investigation Evolution

Security investigations vary widely in scope and complexity, requiring a flexible system that could handle both simple and elaborate cases. I embraced this challenge by developing a panel architecture that could adapt to different investigation types while maintaining consistency. When designing our case management system, I used a phased approach - breaking down the platform-wide implementation into strategic components that delivered immediate value through the Details and Ledger widgets while building toward a comprehensive case management solution.

Technical Architecture Complexity

During the panel architecture implementation, we faced significant technical challenges implementing cross-platform functionality. To address this, I:

  • Maintained constant communication with the three engineering leads after our main engineer left

  • Developed solutions that balanced performance with usability

  • Created reusable components to ensure consistency when existing patterns couldn't be used

  • This experience reinforced that close designer-developer partnership is essential for platform-wide architectural changes

The true challenge was designing a foundation agile enough to support both immediate case needs and future investigation patterns while preserving a seamless user experience.

Takeaways

Success came from turning stakeholder diversity into strength - engineering leads, product managers, and analyst insights all helped shape a more robust panel architecture while keeping investigation workflows central.

Building a platform-wide case management system pushed me to find innovative solutions that simplified complex investigation workflows. The resulting panel architecture demonstrated how thoughtful design could transform scattered investigation processes into an intuitive, unified system.

Platform areas impacted

Screens designed

Reusable components made

Want to see more?

I am happy to talk through my research and design work for LogRhythm during a scheduled call, as this work is confidential and cannot be showcased publicly.
