Triage and Investigate

Overview

Cloud SIEM offers integrated tools to streamline security investigations after a security signal is generated. These tools guide you through the following investigative workflow when a security signal is triggered:

  • Threat assessment
  • Scope comprehension
  • Impact determination

Start with Investigate Security Signals to triage and investigate signals using the signals explorer. Filter by severity, entity, or timeframe to quickly assess what triggered detections and decide which signals require immediate attention.

For a more entity-centric approach, Risk Insights consolidates SIEM signals, Cloud Security findings, and identity risks into unified entity profiles representing users or assets, paired with an opinionated risk score model.

To gain a broad understanding of how an actor moves throughout your ecosystem, the Investigator graphical interface maps connections between entities and activities over time.

Further reading

Additional helpful documentation, links, and articles: