Use Threat Investigation to locate suspicious objects in the network. Threat Investigations can correlate information from Endpoint Sensor, Cloud App Security, and Active Directory to display attack information about an endpoint, a user account, and possible email attack vectors throughout your network.
Note: You must properly configure Cloud App Security and Apex Central before email message information can be correlated. For more information, see Configuring Cloud Service Settings.
If the network is the target of an ongoing attack or an APT, a threat investigation can:
- Assess the extent of damage caused by the targeted attack
- Provide information on the arrival and progression of the attack
- Aid in planning an effective security incident response
Live Investigations run against the current state of the endpoint rather than against previously collected data. Live Investigations can be scheduled to run at specific periods, and they support a wider set of match criteria through OpenIOC and YARA rules. For more information, see Live Investigations.
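As an added illustration of the kind of YARA criteria a Live Investigation can accept (this rule is an example written for this page, not a rule shipped with Apex Central or Endpoint Sensor), the following matches a Windows executable that carries both a hard-coded command-and-control hostname and a persistence indicator. The hostname, registry path and PowerShell string are constructed placeholders chosen to show the rule structure, not indicators from any real campaign.

```yara
rule Example_Dropper_With_C2_And_Persistence
{
    meta:
        description = "Illustrative rule: PE file containing a hard-coded C2 hostname plus a persistence indicator"
        author      = "example for this page, not a Trend Micro rule"
        note        = "All strings below are constructed placeholders"

    strings:
        // PE files start with the MZ header; anchoring it at offset 0 avoids
        // matching documents or logs that merely mention the strings below.
        $mz      = { 4D 5A }

        // Hypothetical C2 hostname (.invalid TLD is reserved and never resolves).
        $c2      = "update.example-c2.invalid" ascii wide nocase

        // Common persistence location: the per-user / per-machine Run key.
        $run_key = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" ascii wide nocase

        // Encoded PowerShell launch string frequently seen in droppers.
        $ps_enc  = "powershell -enc" ascii wide nocase

    condition:
        $mz at 0
        and filesize < 5MB
        and $c2
        and ($run_key or $ps_enc)
}
```

The `filesize` bound keeps the rule from scanning large installers and media files on every endpoint, and requiring the C2 string together with at least one persistence indicator reduces false positives compared with matching any single string on its own. When adapting such a rule for a real investigation, replace the placeholder strings with indicators taken from your own analysis or threat intelligence.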