Investigation tools
[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
The following sections describe tools for investigating security events and tracking security issues directly in Elastic Security.
These features are available in the Elastic Security app’s side navigation menu:
- Cases: Track investigation details about security issues.
- Investigations → Timelines: Workspace for investigations and threat hunting.
- Investigations → Osquery: Run live and scheduled queries on operating systems.
- Intelligence: Indicators of compromise used for threat intelligence.
- Notes: Coordinate responses, conduct threat hunting, and share investigative findings.