Investigation tools
The following are tools for investigating security events and tracking security issues directly in the Elastic Security app.
- Cases: Track investigation details about security issues.
- Timelines: Workspace for investigations and threat hunting.
- Osquery: Run live and scheduled queries on operating systems.
- Intelligence: Indicators of compromise used for threat intelligence.
- Notes: Use notes to coordinate responses, conduct threat hunting, and share investigative findings.