The Tool Bar

The Tool Bar Panel provides analysts with a centralized set of tools designed to maximize efficiency and effectiveness when managing a case. Each tool offers specific functionality to streamline investigation, documentation, and collaboration throughout the incident lifecycle.

Copilot

The Analyst Copilot is an AI-powered assistant designed to help SOC analysts streamline incident response, investigation, and remediation. Built on an advanced model, the Analyst Copilot understands the full context of each security incident, providing enriched insights and real-time recommendations. To learn more, see the Analyst Copilot documentation.

Timeline

  • The Timeline section provides a comprehensive history of the case, including its creation and any subsequent modifications and edits.
    • To streamline your search for specific case-related details, use the search bar or click the icon to narrow down information based on case details, case objects, users, or timeframes.
    • You can edit any comment already posted in the timeline by hovering over the comment, clicking the icon, making your desired changes, and clicking the button.
    Note: We ensure a secure and forensically reliable case timeline, with all edits comprehensively logged.
    • You can customize your comments by clicking on the text input field and selecting from various formatting options, including bold, italics, strikethrough, links, and code formatting.
    • Use the @ symbol in the text input field to tag collaborating users. Type the username after the @ symbol to filter the list.
    • Use the forward slash (/) character in the text input field to trigger workflows on the case level or its linked entities (e.g., alerts, observables).
    • You can easily attach a file in two ways:
      1. Drag and drop the file directly into the text input field.
      2. Click on the text input field, then select the icon to browse and choose a file. Once attached, the file will be added to the timeline.

Notifications

In the Notifications section, you can view all questions asked on the Case through the Ask a Question on a Case action. You will also see a notification in the Case Timeline whenever new questions are available.

Analysts can respond directly from this view. Each answer is automatically added to the Case Timeline, and once submitted, the related Ask a Question on a Case action resumes, allowing the workflow to continue seamlessly.

Notes

  • The “Notes” section should be used to document the incident investigation and to add analyst notes related to the case.
  • “Notes” text can be personalized and formatted using the rich text editor. The notes section supports Markdown (md) syntax. Once you’ve made your changes, simply click “Save” to apply them.
  • Drag & drop or paste images directly into the Notes section for quick uploads. Once added, you can resize and reposition them.