Manage Investigations
Cytomic Orion automatically generates an investigation when it detects signals related to a potential attack.
Investigations enable you to analyze incidents and share evidence with other analysts. Add signals, entities of interest, and additional resources to complement your analyses.
Create an Investigation
When Cytomic Orion detects an incident on a computer, it checks whether an investigation already exists for that computer. If there already is an investigation that has a Pending or Open status, Cytomic Orion assigns the incident to the investigation. Otherwise, it creates a new investigation.
For more information about incidents, see Manage Incidents.
To manually create an investigation:
- In the top menu, select Investigations. The Investigations list opens.
- Click New investigation. The Clients dialog box opens.
- To configure the list view, see List Configuration Tools.
- Select the check boxes for the clients you want to associate with the investigation.
- Click OK. The dialog box closes and the investigation is created.