Investigation
The 'Investigation' section allows you to identify and analyze events by event type, computer or hash value. For example, you can query events generated by a certain browser on specific devices.
- Event Search – Search for events according to specific parameters. Parameters include event ID, device name, logged-on user and so on. You can use operators to concatenate parameters and build granular queries. See 'Event Search' for details.
- Computer Search – Search for events that were recorded on a specific endpoint. The search results include items such as network connections, malware detections, event trends and so on. See 'Computer Search' for details.
- Hash Search – Search for events based on the hash value of the file. The search results include file name and type, point of entry, execution trend, file history and more. See 'Hash Search' for details.
- Process Timeline – View a timeline of processes initiated by events. See 'Process Timeline' for details.