Manage an investigation by adding collections, managing alerts, adjusting the timeline, analyzing assets and artifacts.
Forensic Investigations streamlines your incident response, data collection, threat hunting, and analysis of your endpoints. By using a Forensic Investigation, you can find the source and scope of an attack and determine what data, if any, was accessed. It provides a single location for grouping, tracking, and analyzing all forensic data collections.
Forensic Investigations enables you to do the following:
View any alerts triggered during data ingested as part of the investigation.
Tag relevant evidence for inclusion for the Investigation Timeline.
Export collected data for long-term retention.
Set user permissions that can be assigned to investigations, allowing you to restrict access to the Investigation page, including the Investigation Timeline and collection details.
The Forensic Investigation fields show information relating to the investigation.
Field | Description |
---|---|
Investigation | Name of the investigation. |
Status | Present status of the investigation. |
Evidence collections | Number of completed collections from the total collections. |
New alerts | Total count of alerts for the collection where the Resolution Status=New. |
Total alerts | Total number of alerts for data collected in the investigation. You can click the link to open the investigation on the Alerts tab. |
Created | Timestamp of when the investigation was created. |