| Role Availability | Read-Only | Investigator | Analyst | Manager |
- Go to Investigations.
-
In the upper-right of the page, click New Investigation.
-
Enter the information in each field.
Fields in the New Investigation Dialog box
Field Meaning Title Name identifying the investigation. Assignee User the investigation is assigned to. By default, USM Anywhere automatically assigns every new investigation to the user who creates the investigation. Intent Classify your investigation as Delivery & Attack, Environmental Awareness, Exploitation & Installation, Reconnaissance & Probing, or System Compromise. See Intent for more information. Severity Severity of the investigation. Values are Low, Medium, High, and Critical. Status Status applied to the investigation. By default, it is Open and can not be changed. You can change it later to In Review or Closed. See Viewing Investigations Details to learn more about changing the default Status setting. Description (Optional.) Enter an investigation description. - Click Save.