Investigations are a key part of the analyst workflow. Analysts must be able to answer important questions such as “Was this a successful attack? Is it spreading?”, usually through creating an incident timeline. This step often requires an analyst to manually collect and correlate evidence across disparate tools, a process that typically takes hours or even days to complete and often leaves more questions than answers.
In this white paper, we walk through how to investigate a malicious IP address using machine-built incident timelines. With automation, security teams have the answers they need to move more quickly from investigation to remediation and response.