The SOC Floor • Room 3

Investigations & Timelines

The **Investigation** feature allows multiple analysts to collaborate on a single security incident.

You can add notable events, raw logs, action histories, and manual notes to an investigation timeline.

This establishes an audit trail and timeline of the attacker's actions from initial access to data exfiltration.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Explain the Investigation framework.

To collaborate on an incident, analysts add notable events and notes to a shared ______. This establishes a permanent ______ trail.