Graylog Investigations
This feature provides a streamlined way to quickly gather and analyze important data, letting you view the full context of an issue or a threat in one place.
Users can create investigations based on timelines, data sets, or individual events.
View Associated Data Points in a Single View
Create and reuse investigations to save time and effort. An investigation is built on evidence: a collection of events, searches, dashboards, and logs. Linking some or all of that evidence to the investigation makes it much easier and more convenient to work through.
Enter Detailed Notes and Share
Update the investigation by adding detailed notes that can be shared with the teams assigned to it. The priority level and the status can be modified as well. An investigation is closed by archiving it; if the issue turns out not to be resolved, the investigation can be reopened, and its priority and status changed again.
Preserve your Investigation
New investigations are created with a default priority level. Investigation streams are created so that the evidence attached to an investigation remains available even after the original data source is gone. Two roles are available: the Investigation Manager, who has full control over investigations, and the Investigation Reader, who has read-only access.
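The lifecycle and role model described in the two sections above, as an added example. This is a hypothetical Python model written for this page, not Graylog's own API; the class, method and field names, the priority scale and its "low" default, and the sample log messages are all assumptions. It shows the two points a practitioner cares about: every write is gated on the manager role and on the investigation's state, and linked evidence is copied into the investigation (the "investigation stream") so it survives the source data being retained out.

```python
# Added example (hypothetical model, not Graylog's own API): an investigation with
# manager/reader roles, priority and status changes, archive/reopen, and an
# "investigation stream" that keeps copies of linked evidence after the source is gone.
import copy
from dataclasses import dataclass, field
from enum import Enum

class Role(Enum):
    MANAGER = "investigation_manager"  # full control over investigations
    READER = "investigation_reader"    # read-only access

PRIORITIES = ("low", "medium", "high")  # assumed priority scale
DEFAULT_PRIORITY = "low"                # assumed default; the page does not name one

@dataclass
class Investigation:
    name: str
    priority: str = DEFAULT_PRIORITY
    status: str = "open"                          # "open" or "archived"
    notes: list = field(default_factory=list)
    evidence: dict = field(default_factory=dict)  # investigation stream: copied messages by id

class InvestigationService:
    def __init__(self, message_store):
        self.store = message_store   # stands in for indexed log data: {message_id: message}
        self.investigations = {}

    def _writable(self, role, name, expect="open"):
        # Every write requires the manager role and an investigation in the expected state.
        if role is not Role.MANAGER:
            raise PermissionError("investigation readers cannot modify investigations")
        inv = self.investigations[name]
        if inv.status != expect:
            raise ValueError(f"investigation {name!r} is {inv.status}, expected {expect}")
        return inv

    def create(self, role, name, priority=DEFAULT_PRIORITY):
        if role is not Role.MANAGER:
            raise PermissionError("only investigation managers create investigations")
        if priority not in PRIORITIES or name in self.investigations:
            raise ValueError("unknown priority or duplicate investigation name")
        self.investigations[name] = Investigation(name=name, priority=priority)

    def link_evidence(self, role, name, message_ids):
        inv = self._writable(role, name)
        for mid in message_ids:
            # Deep copy: later deletion or mutation of the source cannot change the evidence.
            inv.evidence[mid] = copy.deepcopy(self.store[mid])
        return len(inv.evidence)

    def add_note(self, role, name, text):
        self._writable(role, name).notes.append(text)

    def set_priority(self, role, name, priority):
        if priority not in PRIORITIES:
            raise ValueError(f"unknown priority {priority!r}")
        self._writable(role, name).priority = priority

    def archive(self, role, name):
        self._writable(role, name).status = "archived"

    def reopen(self, role, name):
        self._writable(role, name, expect="archived").status = "open"

    def view(self, role, name):
        if role not in (Role.MANAGER, Role.READER):  # both roles may read
            raise PermissionError("unknown role")
        return copy.deepcopy(self.investigations[name])  # copy: a reader cannot mutate via the view

def demo():
    # Constructed sample messages standing in for log data in the source index.
    store = {
        "m1": {"source": "vpn-gw", "message": "failed login for alice from 203.0.113.7"},
        "m2": {"source": "fw", "message": "allow 203.0.113.7 -> 10.0.0.5:22"},
    }
    svc, mgr, rdr = InvestigationService(store), Role.MANAGER, Role.READER
    svc.create(mgr, "vpn-bruteforce")                       # default priority
    svc.link_evidence(mgr, "vpn-bruteforce", ["m1", "m2"])
    svc.add_note(mgr, "vpn-bruteforce", "source IP also hit the firewall allow rule")
    svc.set_priority(mgr, "vpn-bruteforce", "high")
    store.clear()                                           # source data ages out of retention
    preserved = len(svc.view(rdr, "vpn-bruteforce").evidence)
    svc.archive(mgr, "vpn-bruteforce")
    svc.reopen(mgr, "vpn-bruteforce")                       # issue was not actually resolved
    try:
        svc.set_priority(rdr, "vpn-bruteforce", "low")      # reader write: must be refused
        reader_blocked = False
    except PermissionError:
        reader_blocked = True
    return preserved, reader_blocked, svc.view(rdr, "vpn-bruteforce")

if __name__ == "__main__":
    print(demo())
```

The deep copy in link_evidence is the whole point of the investigation stream: evidence is held by the investigation, not referenced from the live index, so clearing the store in demo() leaves both messages attached. Note that writes to an archived investigation are refused until it is reopened, and that the role check runs before the state check, so a reader is rejected regardless of the investigation's status.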
That concludes this feature video. Thanks for watching, and until next time, happy logging.