Investigations List View

Role Availability Read-Only Investigator Analyst Manager

The Investigations page provides a list of all of the investigations created in your environment. Go to Investigations to open a centralized view of your investigations. Each row describes an investigation.

Investigations Main Page

The Investigations page includes navigation and filtering elements to help you locate the investigations you want to review. When you go to Investigations, the page displays all of the open and in-review items by default.

The following table lists the default columns in the investigations page.

List of the Default Columns in the Investigations Page
Column / Field Name Description
Title Name identifying the investigation.
ID This is a sequential and automatic number assigned by the system that identifies the investigation.
Severity Severity of the investigation. Values are Low, Medium, High, and Critical.
Status

The status applied to the investigation. It can be Open, In Review, and Closed. See Viewing Investigations Details if you want to change the status.

Intent Classify your investigation as Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, or System Compromise. See Intent for more information.
Created The date and time the investigation was created. The date displayed depends on your computer's time zone.
Assignee Email of the person to whom the investigation has been assigned.
Last Updated The date and time that the Investigation page was last updated. The date displayed depends on your computer's time zone.
Last Updated by Email of the last person who has updated the investigation.

Use the icon if you want to modify some information. See Editing Investigations for more information.

Use the icon if you want to delete an investigation. See Deleting Investigations for more information.

Sort and Filter the Displayed Investigations

To change the sort order of the displayed list, click the column label for the field that you want to use to sort the list. Use the filters in the upper side of the list to change the displayed list so that it includes only the jobs you want to see. These are the filters:

Available filters on the Investigations page

  • Filter by Title or ID: Enter a search string for the name of the investigation or the investigation ID to display only matching jobs.
  • Severity: Select a value between Low, Medium, High, or Critical. You also have the option All to display all of the severities that you have in your environment.
  • Intents: Select a value of Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, or System Compromise.
  • Assignee: Select the email of the person of whom you want to display its assigned investigations.
  • Open: Select this checkbox if you only want to display the investigations that are open.
  • In Review: Select this checkbox if you only want to display the investigations that are in review.
  • Closed: Select this checkbox if you only want to display the investigations that are closed.