Investigate Overview
Learn more at Stellar Cyber Academy.
The following link takes you to a course on the Stellar Cyber Academy technical training portal where you can learn more about this topic by watching the suggested lessons.
Begin with an overview of investigations and workflow concepts in the Stellar Cyber Platform. Learn the fundamentals of creating workflows aligned with organizational risk tolerance, and discover practical applications of the Stellar Cyber UI for triage, investigation, and workflow optimization.
Learn to construct a risk matrix that aligns workflows with the risk tolerance and security priorities of your organization. Explore categorization techniques for prioritizing threats across different industries, and see how to implement workflows that support consistent triage and investigation practices.
Explore workflow tools within the Stellar Cyber UI, including case management, knowledge sharing, task assignment, and alert triage. Discover ways to enhance collaboration, automate notifications, and integrate the UI tools into efficient SOC workflows.
Get familiar with built-in investigation views within the Stellar Cyber Platform, such as case views, alerts, and kill chain views. Learn how to prioritize and sort cases and alerts for effective triage, using these views to drive incident response.
Understand the theoretical concepts behind effective SOC workflows, including handling escalations and coordinating with cross-functional teams. Gain insights into setting up workflows that reflect organizational goals and cybersecurity priorities.
Discover foundational strategies for building workflows in the Stellar Cyber Platform, focusing on tools that support knowledge transfer, case management, and task tracking. Learn how to structure workflows to streamline operations within your SOC.
Dive into practical considerations for creating workflows, including best practices for workflow consistency and efficiency. Explore tips for building workflows that adapt to real-world security operations and SOC needs.
Watch a step-by-step investigation of a case in the Stellar Cyber Platform from start to finish. Follow an example case through detailed analysis and evidence gathering, learning how to apply tools and techniques — including toolbar filters, the search tool, and threat intelligence — to build a cohesive incident narrative. Explore how to enrich cases with context drawn from Interflow data lake records and different stages in the kill chain for a more comprehensive investigation using Case Management.
Master the basics of alert triage, including prioritizing alerts by severity and relevance. See how the Stellar Cyber UI can assist in managing high-priority alerts and grouping related events for streamlined analysis.
Follow practical demonstrations of alert handling across three critical threat scenarios using the Stellar Cyber Platform. Investigate command anomalies to understand how unusual commands affect network security, and apply techniques for managing these alerts effectively. Explore DNS tunneling detection, examining how Interflow data and machine learning surface tunneling activity within the data lake, and see how toolbar filters and the search tool help narrow investigation scope. Learn to handle privilege escalation alerts, one of the highest-risk event types, and discover how Stellar Cyber Platform workflow tools and Case Management support the investigation and mitigation of privilege-based threats. Throughout each scenario, apply threat intelligence to contextualize findings and build a repeatable approach to alert triage.
The first time you access a link on the portal during a session, you must log in to access content.
Stellar Cyber provides many different ways to investigate cyber threats. The topics in this section cover the primary tools for general Threat Hunting and a selection of other views for slicing into your data. Also refer to the Getting Started topics and Response Actions.
