Skip to main content

Investigations Interface

The Investigation interface allows administrators to investigate all data available to the application through a series of customizable filters. These investigations can be saved so they can be run ad hoc at a later time.Click Investigate in the application header bar to open the Investigations interface.

If you have not integrated the Threat Manager Reporting module with a Netwrix product, the interface is displayed as:

Investigations interface

To integrate with a Netwrix product, such as Threat Prevention, see the Netwrix Integrations Page topic.

After integration, when you click Investigate in the application header bar, the Investigations interface defaults to the New Investigation page as follows:

New Investigation window

The Investigations interface contains the following pages:

  • New Investigation – Enables you to run queries on available data with desired filters for a specific timeframe. See the New Investigation Page topic for additional information.
  • Favorites – Provides a list of saved queries the logged in user has tagged as a Favorite. See the Favorites Page topic for additional information.
  • Audit and Compliance – Provides a list of saved out-of-the-box investigations with applied filters for commonly used Audit and Compliance activity reports. See the Audit and Compliance Page topic for additional information.
  • Predefined Investigations – Provides a list of saved out-of-the-box investigations with applied filters for Applications, Computers, Groups, iNetOrgPerson, Roles and User activity reports. See the Predefined Investigations Page topic for additional information.
  • My Investigations – Provides a list of saved investigations created by the application users. A link to this page is displayed in the navigation pane when you save your first investigation. See the My Investigations Page topic for additional information.
  • Subscriptions and Exports – Provides a list of investigations that are either subscribed to or scheduled for export. See theSubscriptions and Exports Page topic for additional information.

Every investigation has the same options at the top of the page. See the Investigation Options topic for additional information.

Every report generated by an investigation query displays the same type of information. See the Investigation Reports topic for additional information.

Search for Saved Investigations

The Investigations interface includes a search field in the navigation pane to find saved investigations by name.

Investigations Search showing matching results

Type in the search box. As you type, a drop-down will populate with saved investigations containing matches. The part of the investigation name that matches the search text is in bold.