Create an investigation
Create your own investigations.
We create investigations for the detections that you're most likely to want to investigate. You can also create an investigation, as follows:
Go to Overview > Threat Analysis Center > Investigations.
On the Investigations page, click Actions > Add investigation.
Enter an investigation name and click Create new investigation.
In Investigation record, configure the investigation as follows:
- Set the priority to High, Medium, or Low.
- Leave the status set to In Progress.
- Click Type to assign and select the Sophos Central admins who will investigate.
In Detection list, click Actions > Add detections.
On the Detections page, select a detection and click Add to investigation.
Alternatively, click the arrow beside a detection to see its details and select specific reports
Now you're ready to investigate. See "Investigate detected events" in Investigations.
You can add more detections to your investigation at any time from the Detections page.