USM Anywhere Investigations - Level Blue

Overview
USM Anywhere Architecture
USM Anywhere Data Security
USM Anywhere Log Data Enhancement
USM Anywhere Quick Start Guides
USM Anywhere Deployment Guide
USM Anywhere User Guides
- Overview
- Getting Started with USM Anywhere
- USM Anywhere Best Practices
- USM Anywhere Dashboards
- Asset Management
- Alarms Management
- System Events Management
- Console User Events on USM Anywhere
- Configuration Issues Management
- User Behaviour Analytics
- Events Management
- USM Anywhere Scheduler
- Rules Management
- Vulnerability Assessment
- Open Threat Exchange® and USM Anywhere
- USM Anywhere Sensor Management
- The AWS Cloud Connector in USM Anywhere
- Subscription Management
- USM Anywhere Reports
- Machine Learning
- USM Anywhere User Management
- Using USM Anywhere for PCI Compliance
- USM Anywhere Investigations
  - Overview
  - Investigations List View
  - Creating a New Investigation
  - Editing Investigations
  - Searching Investigations
  - Viewing Investigations Details
  - Deleting Investigations
  - Notification Rule for Investigations
- System Status within USM Anywhere
USM Anywhere Agents Guide
USM Anywhere BlueApps Guide


Role Availability	Read-Only	Investigator	Analyst	Manager

Using USM Anywhere, you can create investigations and organize the information from your environment. This feature enables you to manage and coordinate incident response activities. Use Investigations for linking , , notes, and other files to their responses, and you will have a complete view of actions you have taken to address a particular threat. This topic discusses these subtopics: Investigations List View Creating a New Investigation Editing Investigations Searching Investigations Viewing Investigations Details Activity on Investigations Notes on Investigations Evidence on Investigations Deleting Investigations Notification Rule for Investigations

Working with Assets and PCI DSS Investigations List View