Evidence Pane for More Context
The Evidence button provides additional context around what happened here. After you click it, the Evidence pane appears on the right-hand side. Now we can see the port, the type of traffic, and the IP addresses associated with the traffic. Next, let's drill into Gene's user profile to get more information on his activity.
Bring Multiple Types of Data to the Investigation
In addition to what is pre-populated for each alert, you can query your endpoints in real time, and search across network data and raw logs.