Incident Response

Investigations

Case files for active and historical investigations. Each incident bundles related alerts, the AI Co-Analyst's findings, and a chronological timeline of analyst + automation activity.

Open

Investigating

Contained

Closed

Mean risk

61/100

Active investigations · 5

Click any case to open the timeline and AI summary.

INC-0042criticalinvestigating
Suspected credential compromise on finance workstation
Credential TheftDefence EvasionInitial Access2 affected · 2 linked alerts · 8 events
Risk
86
Updated
3m ago
INC-0041highopen
Edge brute-force campaign against /admin
Brute ForceCredential Stuffing2 affected · 1 linked alerts · 3 events
Risk
64
Updated
8m ago
INC-0039mediuminvestigating
Anomalous data egress — personal Drive upload
Exfiltration1 affected · 1 linked alerts · 2 events
Risk
48
Updated
30m ago
INC-0040highinvestigating
Service account creates scheduled task on DC
PersistencePrivilege Escalation2 affected · 1 linked alerts · 4 events
Risk
71
Updated
35m ago
INC-0038mediumcontained
Phishing wave impersonating Microsoft 365
PhishingCredential Harvesting1 affected · 1 linked alerts · 3 events
Risk
38
Updated
2h ago