Investigate with Harvey®
Investigate is built with the skills gap in mind: you do the threat hunting with no-code KQL, while Harvey® writes the queries in the background.
No-Code KQL
Investigate writes the KQL code for you so that you can focus on threat hunting. After all, that is the main reason for using automation.
Investigate and Harvey
Investigate is available in every area where you do your threat hunting: incidents, devices, firewalls and tickets.
If it's orange, click on it!
The general rule when threat hunting in the SecQube portal is simple: if you see orange text or an orange number, click it, and Harvey® will write the KQL needed to drill into the underlying events.
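To show what a drill-in of that kind looks like in plain Sentinel KQL, here is an added illustration (not a query generated by Harvey® or taken from the SecQube portal). It assumes the standard Sentinel SecurityAlert table; the summary on top is the sort of aggregate an orange count represents, and the second query is the pivot into the rows behind one of those counts. The hostname WKSTN-042 is a placeholder.

```kql
// Added example, not Harvey's own output. Assumes the Sentinel SecurityAlert table.
// 1. Aggregate view: one row per affected entity, the kind of count shown as an orange number.
SecurityAlert
| where TimeGenerated > ago(7d)
| summarize AlertCount = count(), LastSeen = max(TimeGenerated) by CompromisedEntity
| order by AlertCount desc

// 2. Drill-in: the individual alerts behind one of those counts.
//    "WKSTN-042" is a placeholder hostname; substitute the entity that was clicked.
SecurityAlert
| where TimeGenerated > ago(7d)
| where CompromisedEntity == "WKSTN-042"
| project TimeGenerated, AlertName, AlertSeverity, ProviderName, Description
| order by TimeGenerated desc
```

The point of the second query is that the time window and the entity filter from the aggregate are carried over unchanged, so the rows returned are exactly the ones the count was built from; a hand-written drill-in that widens or narrows either filter will not reconcile with the number you clicked.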
Investigate allows security teams to analyse and understand the full context of a security incident. It provides detailed information about threats, including their origin, the systems they have affected, and their potential impact.
It enables real-time incident response, which is crucial in limiting the damage that security incidents can cause. The quicker a threat is identified and mitigated, the less harm it can do.
Investigate is integrated with the other security tools and data sources connected to Sentinel, enabling it to collate and analyse data from multiple sources and provide a more complete picture of the security landscape.
Investigate uses machine learning algorithms to learn from past incidents. This helps predict and prevent future threats.
It also helps organisations to comply with regulations by providing traceable evidence of security incidents and responses.
Investigate empowers analysts with a swift and intuitive platform that enables them to tackle complex threat hunting with confidence and ease.

