Overview
Cloud SIEM offers integrated tools to streamline security investigations after a security signal is generated. These tools guide you through the following investigative workflow when a security signal is triggered:
- Threat assessment
- Scope comprehension
- Impact determination
Start with Investigate Security Signals to triage and investigate signals using the signals explorer. Filter by severity, entity, or timeframe to quickly assess what triggered detections and decide which signals require immediate attention.
For a more entity-centric approach, Risk Insights consolidates SIEM signals, Cloud Security findings, and identity risks into unified entity profiles that represent users or assets, paired with an opinionated risk score model.
To gain a broad understanding of how an actor moves throughout your ecosystem, the Investigator graphical interface maps connections between entities and activities over time.