Identify Key Metrics
Start by asking for high-level summaries to understand the overall state of your environment.
Example: Show me the total number of threats in the last 24 hours.
Drill Down Into Categories
Narrow the focus by exploring subcategories or specific types of data.
Example: Break down threats by category and severity.
Spot Top Entities
Identify the most significant users, applications, locations, or assets in your environment.
Examples:
- Who are the top 10 affected users this week?
- Which apps generated the most incidents?
Compare Over Time
Use time-based comparisons to identify trends and changes in your security posture.
Examples:
- Compare incident volume this week vs. last week.
- Trend of traffic volume by application over the past 30 days.
Correlate Data Across Dimensions
Explore relationships between different entities to uncover hidden patterns.
Examples:
- Show top users by threat category and source IP.
- What are the most used high-risk applications by location?
Filter by Attributes
Add specific filters to focus on the most relevant data for your investigation.
Example: Show me threats from San Jose with severity high.
Look for Anomalies or Spikes
Ask for outliers or unusual changes that might indicate security issues.
Example: What unusual traffic patterns were observed today?