Skip to main content

Investigations

Investigations are planned as grouped timelines around a security or operations workflow.

Current state:

The event timeline provides a thin-slice investigation surface.
Correlation IDs connect device discovery, alert, delivery, evidence, and audit records.

Planned:

Investigation workspaces.
Comments and analyst notes.
Multi-event correlation.
Evidence export.