Saved Investigations

You can save an investigation to keep a record for yourself and to share with others. Saved investigations can also provide evidence to justify a course of action. When saving an investigation, the investigation is assigned a unique identifier for subsequent retrieval and analysis.

The Saved Investigations panel on the Investigate page provides a list of the investigations that have been saved in your organization (they are not private to individual users). Click View All in the lower left corner of the panel to open the Saved Investigations page to view the complete list.

Saved Investigations

The table displays the following information:

Column Name

Description

Name

The user-specified name of the saved investigation. Click the Name to open the saved investigation on the Investigation Results page.

Description

The user-specified description of the saved investigation.

Timestamp

Date and time for when the investigation was saved or updated.

Created By

The user name of who created the saved investigation.

Options Menu

Click the (Ellipsis) icon to open the Options menu and choose to Download JSON or Delete the saved investigation.

You can specify the number of rows to be displayed on the page in the table footer.

You can search and sort the saved investigations to narrow the display.

  • Search - Enter your search criteria in the Search text box in the upper portion of the panel to search for a saved investigation using lucene syntax.

  • Sort - You can sort the saved investigations based on the date and time it was created. Click the (Sort) icon next to the Timestamp column to sort the table by oldest or most recent created date and time.

You can edit the title and description of the saved investigation by clicking the (Ellipsis) icon and choosing Edit from the drop-down menu.

Enter a new Title and Description and then click Save.

Edit investigation

You can download the title and description of a saved investigation by clicking the (Ellipsis) icon and choosing Download JSON from the drop-down menu. The file is downloaded to your computer.

You can delete a single saved investigation from the Options menu or delete multiple saved investigations from the Selector menu.

  1. In the Saved Investigations panel, use one of the following methods to delete saved investigations:

    • Check the check boxes for the saved investigations that you want to delete and then click the Selector drop-down and choose Delete.

      Delete Selected Saved Investigations

    • Click the (Ellipsis) icon for a specific saved investigation and choose Delete.

      • Options Menu

  2. On the Delete Investigation confirmation dialog box, check the I am absolutely sure I want to do this check box and click Delete.

    3. Delete Confirmation

Perform the following steps to save your investigation for later reference by anyone in your organization:

  1. Run an investigation on the Investigate page (see the Investigate help topic).

  2. On the Investigation Results page, click Save Investigation in the upper right corner,

    Save Investigation Dialog

  3. On the Save Investigation dialog box, enter a Title and Description (optional).

  4. Click Save.

    5. The investigation is now accessible from the Saved Investigations page.

    When you save an investigation, it is tied to the account you used to log in. For example, if you save an investigation while logged in using your Secure Endpoint account, it will not be available to you when you’re logged in with your Secure Malware Analytics account.