Triage and Investigate


Overview

Cloud SIEM offers integrated tools to streamline security investigations once a security signal has been generated. These tools guide you through the following investigative workflow:

  • Threat assessment
  • Scope comprehension
  • Impact determination

Start with Investigate Security Signals to triage and investigate signals using the signals explorer. Filter by severity, entity, or timeframe to quickly assess what triggered detections and decide which signals require immediate attention.

For a more entity-centric approach, Risk Insights consolidates SIEM signals, Cloud Security findings, and identity risks into unified entity profiles, each representing a user or an asset, paired with an opinionated risk scoring model.

To gain a broad understanding of how an actor moves throughout your ecosystem, the Investigator graphical interface maps connections between entities and activities over time.

Further reading

More useful links, articles, and documentation: