Simplify security investigations
Edge takes the manual work out of investigations. Get everything you need for incident response in a single intuitive investigation screen.
Analysts can quickly see whether the user is accessing the network from a normal location (for them), if the account is privileged, if sensitive data was accessed, and if the event occurred during a user’s normal time window and more.
This context helps them determine whether an alert represents a real compromise or an insignificant anomaly.
Risk Assessment Insights
User |
corp.local/ Disgruntled Dan | Dan works from an unexpected geolocation. |
Is a privileged account: Dan is an admin. 1 Additional Insights |
Devices |
1 device | Something fishy is going on. |
First-time use of Dan-PC in the 90 days prior to the current alert. 0 Additional Insights |
Data |
24 Files | Dan usually does not touch this sensitive data. |
100% data accessed for the first time by Disgruntled Dan in the past 90 days. 24 sensitive objects were affected. 0 Additional Insights |
Time |
10/04/16 16:24 10/04/16 18:56 |
These are happening outside of Dan's normal working hours. |
100% of events are outside Disgruntled Dan working hours 0 Additional Insights |