Use Threat Investigation to locate suspicious objects in the network.
If the network is the target of an ongoing attack or an APT, a threat investigation can:
- Assess the extent of damage caused by the targeted attack
- Provide information on the arrival and progression of the attack
- Aid in planning an effective security incident response
The following types of threat investigation are available:
- Preliminary investigations quickly identify endpoints that are candidates for further analysis. A preliminary investigation queries metadata already collected on the server rather than the endpoints themselves, so it returns results quickly but only reflects what that metadata records.
For more information, see Preliminary Investigations.
- Detailed investigations examine the current state of each endpoint. They can be scheduled to run at specified times and support a wider set of matching criteria through OpenIOC and YARA rules. Because a detailed investigation inspects live endpoints, it takes longer than a preliminary investigation but can find indicators the server metadata does not capture.
For more information, see Detailed Investigations.
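The following is an added illustration, not code from this product or its documentation, of how an OpenIOC rule is structured and evaluated as a boolean tree of indicators against per-endpoint records. The OpenIOC document, the endpoint records and the hostnames are constructed for the example; the file hash is a well-known placeholder (the MD5 of an empty file), not a real malware indicator. A product that evaluates OpenIOC does this against live system state; here the records are in-memory dicts keyed by OpenIOC search terms, which is enough to show how the AND/OR nesting and the `is`/`contains` conditions decide which hosts become candidates.

```python
"""Minimal OpenIOC 1.0 evaluator (added example; not the product's engine)."""
import xml.etree.ElementTree as ET

# OpenIOC 1.0 namespace used by the Mandiant schema.
NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed sample rule: match either a known file hash, OR a suspicious
# file name together with a Run-key persistence entry (hypothetical values).
SAMPLE_IOC = r"""
<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
  <short_description>Constructed sample: dropper hash or lookalike name plus persistence</short_description>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svch0st</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <Context document="RegistryItem" search="RegistryItem/KeyPath" type="mir"/>
          <Content type="string">HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed endpoint records: search term -> values observed on that host.
ENDPOINTS = {
    "ws-017": {"FileItem/Md5sum": ["d41d8cd98f00b204e9800998ecf8427e"],
               "FileItem/FileName": ["notepad.exe"]},
    "ws-042": {"FileItem/FileName": ["svch0st.exe", "explorer.exe"],
               "RegistryItem/KeyPath": [r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"]},
    "ws-088": {"FileItem/FileName": ["svch0st.exe"]},   # lookalike name only, no persistence
    "srv-03": {"FileItem/Md5sum": ["0cc175b9c0f1b6a831c399e269772661"],
               "FileItem/FileName": ["calc.exe"]},
}


def _item_matches(item, record):
    """Evaluate one IndicatorItem against a host record."""
    term = item.find("ioc:Context", NS).get("search")
    expected = (item.find("ioc:Content", NS).text or "").strip()
    condition = item.get("condition", "is")
    observed = record.get(term, [])
    if condition == "is":
        hit = any(v == expected for v in observed)
    elif condition == "contains":
        hit = any(expected in v for v in observed)
    else:
        raise ValueError(f"unsupported OpenIOC condition: {condition}")
    # OpenIOC 1.1 allows negate="true"; honour it if present.
    if item.get("negate", "false").lower() == "true":
        hit = not hit
    return hit


def evaluate(node, record):
    """Recursively evaluate an Indicator / IndicatorItem subtree."""
    tag = node.tag.split("}")[-1]
    if tag == "IndicatorItem":
        return _item_matches(node, record)
    if tag == "Indicator":
        results = [evaluate(child, record) for child in node]
        if not results:               # an empty Indicator matches nothing
            return False
        op = node.get("operator", "OR").upper()
        return all(results) if op == "AND" else any(results)
    raise ValueError(f"unexpected element in definition: {tag}")


def find_candidates(ioc_xml, endpoints):
    """Return the sorted hostnames whose records satisfy the IOC definition."""
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:definition/ioc:Indicator", NS)
    return sorted(host for host, rec in endpoints.items() if evaluate(top, rec))


if __name__ == "__main__":
    print(find_candidates(SAMPLE_IOC, ENDPOINTS))
```

ws-017 matches on the hash branch alone, ws-042 satisfies the nested AND (lookalike name and persistence key), and ws-088 is not flagged because a lookalike name without the persistence entry does not complete the AND; that is the behaviour to check when authoring rules, since a loose OR at the top level turns every weak indicator into a candidate.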