Investigation examples
- Recent Outbound Host-Port Connections
- New Outbound Host Connections
- Running Containers and Container Lifespan
- What Commands Did Users Type By Host (History Evasion)
- Which Users Logged into Which Hosts
- Find Files Affected by Container
- Files and Processes Responsible for File State
- Child Process Activity Around Time of Alert
- Parent Process Activity Around Time of Alert
- Process Activity Around Time of Incident
- External-bound Network Traffic - IPv4 - With Allowed Exceptions
- External-bound Network Traffic - IPv6
- External-bound Network Traffic - IPv4
- Known Malicious Host
- Post-Incident Investigation