Investigation tools


The following sections describe tools for investigating security events and tracking security issues directly in Elastic Security.

These features are available in the Elastic Security app’s side navigation menu:

  • Cases: Track investigation details about security issues.
  • Investigations > Timelines: Workspace for investigations and threat hunting.
  • Investigations > Osquery: Run live and scheduled queries on operating systems.
  • Intelligence: Indicators of compromise used for threat intelligence.
  • Notes: Use notes to coordinate responses, conduct threat hunting, and share investigative findings.