Learn how to create a forensics investigation. This includes adding a collection, exporting the data collection, managing alerts and key assets & artifacts.
Create a forensics investigation that includes all the forensics data relevant to the investigation. This includes adding collections (hunts and triages), exporting the data collections, managing alerts and evaluating key assets & artifacts.
In Cortex XSIAM, select → → → .
Click New Investigation.
Enter a unique name and optional description for the investigation.
In the Permissions table. select the users that can access the data of the investigation.
Note
Scope-Based Access Control (SBAC) must be enabled for you to set up user permissions.
Refer to User permissions for detailed information on permissions.
Click Save to save the investigation in the Forensics Investigations table or click Save & Start A Collection to start the process of adding collections.
The investigation is saved to the forensic investigation table.