Manage Investigations

Cytomic Orion implements a repository where it logs and stores everything that SOC technicians discover during an analysis. This resource is called an ‘investigation’.

In most cases, investigations are created by Tier 1 analysts who triage indicators. If there is enough evidence to suspect a cyberattack, the analyst creates a new investigation that compiles the indicators related to that attack. This provides Tier 2 technicians with a well-defined study framework and an environment where they can share all the information generated.

All actions carried out by SOC technicians within the framework of an investigation are stored for future consultation. This lets you keep track of how data produced by investigation-related activities is used, and monitor analysts’ access to SOC clients’ computers, along with other actions.