Use Threat Investigation to locate suspicious objects in the network. Threat Investigations can correlate information from Endpoint Sensor and Active Directory to display attack information about endpoints and user accounts throughout your network.
If the network is the target of an ongoing attack or an APT, a threat investigation can:
- Assess the extent of damage caused by the targeted attack
- Provide information on the arrival and progression of the attack
- Aid in planning an effective security incident response
The following types of threat investigation are available:
- Historical Investigations can quickly identify endpoints that are possible candidates for further analysis. A Historical Investigation uses server metadata to return results quickly. For more information, see Historical Investigations.
- Live Investigations perform the investigation on the current system state. Live Investigations can be configured to run at specific periods, and also support a wider set of criteria through the use of OpenIOC and YARA rules. For more information, see Live Investigations.