Use Threat Investigation to locate suspicious objects in the network.
If the network is the target of an ongoing attack or an APT, a threat investigation can:
- Assess the extent of damage caused by the targeted attack
- Provide information on the arrival and progression of the attack
- Aid in planning an effective security incident response
The following types of threat investigation are available:
Preliminary investigations quickly identify endpoints that are possible candidates for further analysis. A preliminary investigation queries server metadata only, so it returns results quickly without contacting each endpoint.
For more information, see Preliminary Investigations.
Detailed investigations run against the current system state of each endpoint. They can be configured to run at specific periods, and they support a wider set of criteria through the use of OpenIOC and YARA rules.
For more information, see Detailed Investigations.
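As an added illustration of the kind of criteria a detailed investigation evaluates (example code, not from the product or this page), the following Python evaluates a small constructed OpenIOC-style indicator tree (namespace omitted) against constructed per-endpoint file records and returns the endpoints that match; the indicator, hostnames, paths and hashes are all hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed OpenIOC-style indicator (hypothetical, not from the page): a file matches
# either by a known MD5, or by a name/path combination typical of a masquerading binary.
SAMPLE_IOC = """<ioc id="example-ioc-0001">
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context search="FileItem/Md5sum"/><Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="contains">
          <Context search="FileItem/FileName"/><Content type="string">svchost</Content>
        </IndicatorItem>
        <IndicatorItem condition="contains">
          <Context search="FileItem/FullPath"/><Content type="string">\\Temp\\</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""

# Constructed endpoint file records (hypothetical data, not product output).
ENDPOINTS = {
    "ws-01": [{"FileItem/FileName": "svchost.exe", "FileItem/Md5sum": "0" * 32,
               "FileItem/FullPath": "C:\\Windows\\System32\\svchost.exe"}],
    "ws-02": [{"FileItem/FileName": "svchost.exe", "FileItem/Md5sum": "1" * 32,
               "FileItem/FullPath": "C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe"}],
    "ws-03": [{"FileItem/FileName": "update.exe", "FileItem/Md5sum": "d41d8cd98f00b204e9800998ecf8427e",
               "FileItem/FullPath": "C:\\Tools\\update.exe"}],
}

def item_matches(item, record):
    """Evaluate one IndicatorItem (conditions 'is' / 'contains') against a single file record."""
    value = record.get(item.find("Context").get("search"))
    if value is None:
        return False
    expected = (item.find("Content").text or "").lower()
    cond = item.get("condition")
    if cond == "is":
        return value.lower() == expected
    if cond == "contains":
        return expected in value.lower()
    raise ValueError(f"unsupported condition: {cond}")

def indicator_matches(node, record):
    """Recursively evaluate an Indicator (AND/OR) tree against one file record."""
    results = [item_matches(c, record) if c.tag == "IndicatorItem" else indicator_matches(c, record)
               for c in node]
    return all(results) if node.get("operator", "AND").upper() == "AND" else any(results)

def investigate(ioc_xml, endpoints):
    """Return the sorted names of endpoints holding at least one record that satisfies the IOC."""
    root = ET.fromstring(ioc_xml).find("definition/Indicator")
    return sorted(n for n, recs in endpoints.items() if any(indicator_matches(root, r) for r in recs))

if __name__ == "__main__":
    print(investigate(SAMPLE_IOC, ENDPOINTS))  # ['ws-02', 'ws-03']
```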