About the Evidence Board

The evidence board is where most of the interaction takes place in an investigation. The evidence board allows you to add ThreatQ objects, such as Indicators and Adversaries to the investigation, represented as graphical nodes. The evidence board interacts with the other two components of an investigation workbench, the action panel and the timeline.

As you add objects to the evidence board, relevant information about that object is automatically included on the timeline. If you select to highlight a node on the evidence board, the action panel displays a summary relevant to that node. These summaries can range from as broad as the overall investigation to as granular as an attribute related to an object.

Accessing an Object's Details Page on the Evidence Board

You can select an object on the evidence board and launch its object details page in ThreatQ for further investigation. For more information about ThreatQ objects, see the ThreatQ Platform documentation.

1. On the evidence board, right-click the node you want to view and select the View Details option.
   
   
   
   The ThreatQ object details page opens in a new browser tab