Overview

Cloud SIEM offers integrated tools to streamline security investigations after a security signal is generated. These tools guide you through the following investigative workflow when a security signal is triggered:

  • Threat assessment
  • Scope comprehension
  • Impact determination

Start with Investigate Security Signals to triage and investigate signals using the signals explorer. Filter by severity, entity, or timeframe to quickly assess what triggered detections and decide which signals require immediate attention.

For a more entity-centric approach, Risk Insights consolidates SIEM signals, Cloud Security findings, and identity risks into unified entity profiles that represent users or assets, paired with an opinionated risk score model.

To gain a broad understanding of how an actor moves throughout your ecosystem, the Investigator graphical interface maps connections between entities and activities over time.

Further reading

Additional helpful documentation, links, and articles: