What is the Overview Tab?
The Overview tab provides a high-level summary of the investigation, including key investigator actions, event counts, potentially compromised users, and significant attacker events.
Investigation Details
This section includes key information such as when the investigation began. You can edit the summary by clicking the ⋮ symbol next to the investigation name in the top-left corner.
Investigation AI Summary
If this feature is enabled under Settings > Experiments, an AI-generated summary of key attacker events is displayed here.
Timeline of Key Investigator and Attacker Activities
Shows important events, including evidence imports and detected malicious activity.
MITRE ATT&CK Categories Observed
Displays the MITRE ATT&CK categories detected in the investigation. Click on a bar to view related events.
Key Events
Highlights detections of malicious and suspicious activity. Click "View More" to see additional events.
Potentially Compromised Users and Assets
Shows users and assets that may have been compromised, similar to the Search tab when filtering by "Users" or "Hostnames."