---
title: Triage and Investigate
description: Datadog, the leading service for cloud-scale monitoring.
breadcrumbs: Docs > Datadog Security > Cloud SIEM > Triage and Investigate
---

# Triage and Investigate

## Overview{% #overview %}

Cloud SIEM offers integrated tools to streamline security investigations after a security signal is generated. These tools guide you through the following investigative workflow when a security signal is triggered:

- Threat assessment
- Scope comprehension
- Impact determination

Start with [Investigate Security Signals](https://docs.datadoghq.com/security/cloud_siem/investigate_security_signals/) to triage and investigate signals using the signals explorer. Filter by severity, entity, or timeframe to quickly assess what triggered detections and decide which signals require immediate attention.

For a more entity-centric approach, [Risk Insights](https://docs.datadoghq.com/security/cloud_siem/entities_and_risk_scoring) consolidates SIEM signals, Cloud Security findings, and identity risks into unified entity profiles representing users or assets paired with an opinionated risk score model.

To gain a broad understanding of how an actor moves throughout your ecosystem, the [Investigator](https://docs.datadoghq.com/security/cloud_siem/investigator) graphical interface maps connections between entities and activities over time.

## Further reading{% #further-reading %}

- [Identify risky behavior in cloud environments](https://www.datadoghq.com/blog/risky-behavior-cloud-environments/)