Identify Key Metrics
Start by asking for high-level summaries to understand the overall state of your environment.
Example: "Show me the total number of threats in the last 24 hours."
Drill Down Into Categories
Narrow the focus by exploring subcategories or specific types of data.
Example: "Break down threats by category and severity."
Spot Top Entities
Identify the most significant users, applications, locations, or assets in your environment.
Examples:
- "Who are the top 10 affected users this week?"
- "Which apps generated the most incidents?"
Compare Over Time
Use time-based comparisons to identify trends and changes in your security posture.
Examples:
- "Compare incident volume this week vs. last week."
- "Trend of traffic volume by application over the past 30 days."
Correlate Data Across Dimensions
Explore relationships between different entities to uncover hidden patterns.
Examples:
- "Show top users by threat category and source IP."
- "What are the most used high-risk applications by location?"
Filter by Attributes
Add specific filters to focus on the most relevant data for your investigation.
Example: "Show me threats from San Jose with severity high."
Look for Anomalies or Spikes
Ask for outliers or unusual changes that might indicate security issues.
Example: "What unusual traffic patterns were observed today?"