Indicator Analysis Using the Investigation Console
Unlike the Advanced SQL Query module, which enables you to carry out analyses across the entire data lake generated by a client’s IT infrastructure, the investigation console enables you to analyze events in depth on specific computers and specific dates. It provides analysts with all the tools necessary to inspect in detail the processes run on a computer, and to graphically review their activity and their relationships with other processes or items in the operating system.
The retention period for the telemetry stored in the data lake is one year.