Identify and mitigate potential system breaches and incidents in your environment.

Workbench Insights (Agentic SIEM & XDR Workbench) facilitate efficient investigations. Workbench insights are created from both correlated alerts and standalone alerts using advanced correlation and machine learning techniques.
The following table outlines the available actions for Workbench insights:
| Action | Description |
| --- | --- |
| Filter insights by severity and score | Click the Severity and score column title to filter Workbench insights by ascending or descending severity and score. Note: Severity color indicates the level of urgency and potential impact of an insight, while score numbers represent overall priority. Focus on and promptly address insights with higher scores to ensure efficient security management. |
| View insight details | Locate a Workbench insight and click the insight ID to view the details of the insight. |
| Filter and locate insights | Use the drop-down menus to filter insights by Last updated time, Event time, Case status, or Created time. Click Add filter and select an option from the drop-down menu to filter by Alerts, Asset group, Custom tag, Criticality, Data source / processor, or Endpoint group. Click a column heading to sort insights by score, case ID, last updated time, or creation time. Use the search box to filter insights by insight ID, alert ID, case ID, endpoint, user, email, container, cloud identity, or highlighted object. |
| Open a new case | Locate a Workbench insight and click Open new case to create a new case to manage insight investigation. Important: Opening a case for standalone alerts disables the Workbench alert note functionality and transfers all related Workbench notes to the case. You can only add new notes directly to the case. |
| See Automated Response Playbooks | Click Automated Response Playbooks to display the Automated Response playbooks available in Security Playbooks. |