Learn how to create, delete, and configure workspaces in the Forensics app.
The War Room tab lets you to create and manage workspaces. Use workspaces to organize collected evidence and create investigation timelines.
The following table outlines the actions available on the War Room
tab:
|
Action
|
Description
|
|
Create a workspace
|
Workspaces let you to organize evidence, construct investigation timelines, and triage
endpoints in your environment.
Click Create Workspace to create a new workspace.
|
|
View a workspace
|
Click the workspace name to go to the workspace.
|
|
Search for a workspace by name
|
Use the Keyword search field to locate specific workspaces by name
|
|
View a case
|
Cases let you keep track of incident investigations, procedures, and supplemental information
for threat alerts and risk events
If a Forensics workspace is part of a case in Case Management, click the case ID to
display the case in the Case Viewer.
|
|
Update impacted endpoints
|
In Case Viewer, click Update Forensics Workspace to update a
workspace with impacted endpoints.
If the case no longer includes an endpoint, Trend Vision One does not automatically
remove the endpoint. You can manually delete any unimpacted endpoints from the workspace.
|
|
Additional actions
|
Locate a workspace, click
 at the end of the row, and select any of the available actions:
|