
Investigations Interface

The Investigations interface allows administrators to investigate all data available to the application through a series of customizable filters. These investigations can be saved so they can be run ad hoc at a later time. An investigation can also be "saved as a threat", which turns its criteria into a threat detection mechanism that Threat Manager monitors in the same way as out-of-the-box threats.

Click Investigate in the application header bar to open the Investigations interface.

Investigations interface

The Investigations interface contains the following pages:

  • New Investigation – Enables you to run queries on available data with desired filters for a specific timeframe. See the New Investigation Page topic for additional information.
  • Favorites – Provides a list of saved queries the logged-in user has tagged as a Favorite. See the Favorites Page topic for additional information.
  • Audit and Compliance – Provides a list of saved out-of-the-box investigations with applied filters for commonly used Audit and Compliance activity reports. See the Audit and Compliance Page topic for additional information.
  • Predefined Investigations – Provides a list of saved out-of-the-box investigations with applied filters for Applications, Computers, Groups, iNetOrgPerson, Roles and User activity reports. See the Predefined Investigations Page topic for additional information.
  • My Investigations – Provides a list of saved investigations created by the application users. See the My Investigations Page topic for additional information.
  • Subscriptions and Exports – Provides a list of investigations that are either subscribed to or scheduled for export. See the Subscriptions and Exports Page topic for additional information.

Every investigation has the same options at the top of the page. See the Investigation Options topic for additional information.

Every report generated by an investigation query displays the same type of information. See the Investigation Reports topic for additional information.

Search for Saved Investigations

The Investigations interface includes a search field in the navigation pane to find saved investigations by name.

Investigations Search showing matching results

Type in the search box. As you type, a drop-down list populates with the saved investigations that match.