Last updated at Mon, 11 Mar 2024 18:11:31 GMT
Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together. While raw logs and pivot tables will always be a part of a responder’s arsenal, applying this process to every investigation is a recipe for karoshi—death by overwork.
Many of you use investigations in InsightIDR every day, and we’ve continued to invest in that experience. Let’s cover three enhancements in our SIEM solution that will help you find evil faster and cut down on those “Burning Overtime Operations” (BOO!): a faster, smoother experience, collaborative notes, and investigation assignment.
A Faster, Smoother Visual Timeline
Every alert in InsightIDR automatically populates in the Investigations tab and comes with a variety of visual cues. You’ll notice the new case management features, notes and assignment, have been added.
Once you click to delve deeper, you’re greeted by the familiar visual timeline.
From the left filter, you can choose what alerts and notable behaviors are shown on the timeline. Everything should also feel a bit more responsive, whether you’re loading up the evidence tab, pivoting into log search, or running on-demand endpoint jobs.
Add Notes to an Investigation
If you see something, you should be able to say something. For any investigation, you can now add notes, whether to share with a teammate or to remind yourself later. Click on the “Notes” button to add and view additional context your team has added to the investigation.
Assign Investigations to Team Members
This highly-requested feature is simple to use. From either the Investigations tab or an individual visual timeline, use the Assign dropdown to tag a member of the team. Each InsightIDR user can filter to their own investigations, reducing redundant work and maximizing the strengths of the team. Users will receive an email whenever they are assigned to a new investigation.
If you’re an InsightIDR customer, hop in and triage some alerts! Please share if these enhancements help you save more time in your response workflows.
Don’t have InsightIDR? We just released a full-featured 30-day trial, so see for yourself why InsightIDR is the SIEM you’ve always wanted.
Want to know whenever InsightIDR content is published on the blog? Add us to your RSS feed!
