## Investigations

The Investigations page lists all the investigations the SOC team has performed, together with several filtering options and the following details for each investigation:

• Case number - the ID of the investigation.


• Detected on - the timestamp at which the investigation was initiated.

• Category - the type of the investigation. The category can have one of these values:

  • Expected Activity

  • False Positive

  • Malicious Code

  • Poor Security Practice

  • Potentially Unwanted Program

  • Scans

  • Unauthorized System Access

  • Vulnerability Exploitation

• Severity - the severity of the incident, as determined by the investigation. The severity can have one of these values:

  • Low

  • Medium

  • High

  • No threat

  • Unknown

• Detection - the name of the signature on which the investigation is based.

• Hostname - the name of the endpoint involved (or the organization, when multiple endpoints are involved).

• Company - the name of the company where the threat was detected.