Learn how to create, delete, and configure workspaces.
Create and manage workspaces, organize collected evidence with workspaces, and create investigation timelines on the War Room tab.
The following table outlines the actions available on the War Room tab.
|
Action
|
Description
|
|
Create a workspace
|
Organize evidence, construct investigation timelines, and triage endpoints in your
environment with workspaces.
Click Create Workspace to create a new workspace.
|
|
View a workspace
|
Click the workspace name to go to the workspace.
|
|
Search for a workspace by name
|
Use the Keyword search field to locate specific workspaces by name.
|
|
View a case
|
Keep track of incident investigations, procedures, and supplemental information for
threat alerts and risk events with cases.
If a Forensics workspace is part of a case in Case Management, click the case ID to
display the case in the Case Viewer.
|
|
Update impacted endpoints
|
In Case Viewer, click Update Forensics Workspace to update a
workspace with impacted endpoints.
If the case no longer includes an endpoint, Trend Vision One does not automatically
remove the endpoint. You can manually delete any unaffected endpoints from the workspace.
|
|
Additional actions
|
Locate a workspace, click
 at the end of the row, and select any of the available actions:
|