Skip to main content

Integrations

Investigation Dashboard

This dashboard provides a list of the top 1000 Investigations sorted on the basis of time.

The filters used for this dashboard are Time Range, Policy, and Label.
For the Label filter, select from a drop-down or type the label value.
If you type the label value, you must use this format for the label value: LabelCategory:LabelValue, such as app:abc.
Label Categories can be “app”, ”role”, ”env”, or ”loc”.

Label Value	Expected Result
app:	Top 1000 results in which Source Label Application or Destination Application label is not null.
app:Abc	Top 1000 results in which Source Label Application or Destination Application label is “Abc”

Note

You must configure the account in the configuration page to see the labels in the label filter in the dashboard. Do not use special characters when you are searching with labels because the result may be inaccurate.

The labels in this dashboard are from the src_labels and dst_labels fields in JSON (srcLabels and dstLabels in LEEF).

Investigation_Dashboard

Investigation_Dashboard_Label_Suggestion

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.