Getting more value from your endpoint security tool #3: Querying Tips for Incident Investigation
Cisco Orbital Advanced Search includes an entire Forensics category, with queries that collect data such as the programs installed on a host, the types of failed login attempts, operating system attributes, and more.