Investigations

Triage findings and run threat hunts across your connected environment.

Security detection

Investigations has two tabs. Findings collects posture findings from your connectors and from your SaaS integrations, tracks each one through a status lifecycle, and lets you promote a finding into a POAM (Plan of Action and Milestones). Hunting lets you build custom detection rules and schedule recurring hunts across your synced data.

How to use it

  1. Open Investigations from the sidebar.

  2. On the Findings tab, review posture and SaaS findings, filter by status, and open a finding to see its details.

  3. Promote an actionable finding into a POAM so its remediation is tracked formally, with an owner and milestones, rather than only as a finding status.

  4. Switch to the Hunting tab to author a custom detection rule against your synced data.

  5. Schedule the hunt to run on a recurring cadence so new matches surface automatically as fresh data is synced.
