Forensics and Analysis

Respond quickly to security incidents and conduct compromise assessments, threat hunting, and monitoring.

Important: This feature is not available in all regions.

The Forensics and Analysis app (XDR Threat Investigation > Forensics and Analysis) allows security teams to collect forensic evidence from endpoints, create workspaces to organize the collected evidence, and conduct security incident investigations.

The following table outlines the sections available in the Forensics and Analysis app.

| Section | Description |
| --- | --- |
| War Room | Create workspaces to organize the collected evidence and conduct incident investigations. |
| Packages | Collect and manage evidence packages. |