End-of-Life (EoL)

Evidence Handling

Add evidence to the Evidence Board to assist you with your investigation.
You can view or designate any entity as evidence, which enables you to reconstruct attack chains and piece together key pieces of verification for root cause discovery.
In the War Room, you can mark any entity as evidence by clicking the flag next to each entry. You can view the evidence in the War Room or open the evidence entry from the Evidence Board. When adding evidence, you need to add a description, which should contain enough details that can be used for future reference. Adding a tag helps you to find the evidence by searching for the tag. You can also add an occurrence date and time.
The Evidence Board
The Evidence Board stores key artifacts for current and future analysis. You can view and manage evidence entities that were detected in the War Room and designated as Evidence.
You can search for evidence and select the date range when the evidence occurred.
Evidence can be viewed in Table View or Summary View. In the Table View, you can remove or export the evidence, or show it in the War Room. In the Summary View, you can remove or edit the evidence.
