Investigate security events

Investigate security events and track security issues in Elastic Security.

The following sections describe tools for investigating security events and tracking security issues directly in Elastic Security.

These features are available in the Elastic Security app's side navigation menu:

  • Cases: Track investigation details about security issues.
  • InvestigationsTimelines: Workspace for investigations and threat hunting.
  • InvestigationsOsquery: Run live and scheduled queries on operating systems.
  • Intelligence: Indicators of compromise used for threat intelligence.

On this page