Creating a New Investigation

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere enables you to create and manage your own investigations.

To create a new investigation

  1. Go to Investigations.
  2. In the upper-right of the page, click New Investigation.

    New Investigation dialog box

  3. Enter the information in each field.
  4. Fields in the New Investigation Dialog box
    Field Meaning
    Title Name identifying the investigation.
    Assignee User the investigation is assigned to. By default, USM Anywhere automatically assigns every new investigation to the user who creates the investigation.
    Intent Classify your investigation as Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, or System Compromise. See Intent for more information.

    Severity of the investigation. Values are Low, Medium, High, and Critical.

    Status Status applied to the investigation. By default, it is Open and can not be changed. You can change it later to In Review or Closed. See Viewing Investigations Details to learn more about changing the default Status setting.
    Description (Optional.) Enter an investigation description.
  5. Click Save.