TQI - Create Investigation Transcript

1
00:00:10,710 --> 00:00:14,948
This video will walk you through the steps to create a ThreatQ Investigation.

2
00:00:15,715 --> 00:00:19,085
To begin, there are several ways to create an investigation.

3
00:00:19,919 --> 00:00:23,089
You can click on the Create button and select Investigation.

4
00:00:24,958 --> 00:00:28,762
You can click on the Investigations heading in the top navigation menu.

5
00:00:29,429 --> 00:00:35,368
If you are not part of any existing investigation, you’ll be presented with the Investigations welcome page.

6
00:00:36,036 --> 00:00:38,405
Click on start your first investigation button.

7
00:00:39,272 --> 00:00:43,710
If you have previously created an investigation, or have had one shared with you

8
00:00:44,110 --> 00:00:47,914
the Investigations overview page will load instead of the welcome page. 

9
00:00:48,248 --> 00:00:49,616
Click on Create Investigation

10
00:00:51,551 --> 00:00:55,622
You can also create an investigation from an individual object’s details page 

11
00:00:55,989 --> 00:00:59,659
by clicking on the Actions dropdown and selecting Start an Investigation.

12
00:01:00,794 --> 00:01:03,463
The Create Investigation dialog box will open

13
00:01:04,330 --> 00:01:05,932
Enter a name for the Investigation.

14
00:01:08,368 --> 00:01:10,270
Select Open as a Status. 

15
00:01:10,870 --> 00:01:14,707
You can update this field to closed once you have completed your investigation.

16
00:01:15,675 --> 00:01:16,943
Select a priority.

17
00:01:17,243 --> 00:01:19,813
Your options include Normal and Escalated.

18
00:01:20,280 --> 00:01:23,550
You should follow your organization’s SOPs and policies 

19
00:01:23,883 --> 00:01:26,453
to determine what is normal and what is escalated. 

20
00:01:26,786 --> 00:01:28,855
Enter a description for the investigation.

21
00:01:33,993 --> 00:01:34,994
Click on Create.  

22
00:01:36,863 --> 00:01:40,867
If you created the investigation from an individual object's details page 

23
00:01:41,167 --> 00:01:46,539
you will need to navigate back to the Investigations Overview page and click on the investigation.

24
00:01:46,639 --> 00:01:47,373
otherwise

25
00:01:47,407 --> 00:01:50,610
The investigation will be created and the workbench will load.

26
00:01:51,644 --> 00:01:56,349
By default, your investigation will be set to private - as in only you can access it.

27
00:01:56,649 --> 00:02:01,054
You can share the investigation with others on your team by clicking on the Share button

28
00:02:01,588 --> 00:02:07,627
Select the permission level for the users - options include can view, can edit, and make owner.  

29
00:02:08,161 --> 00:02:11,131
Owners can close the investigation as well as share it other users.

30
00:02:12,732 --> 00:02:14,767
Enter the name of the individual to share with.

31
00:02:15,335 --> 00:02:18,471
You can use this option to add as many users as you need.

32
00:02:19,139 --> 00:02:24,144
You can also enter: everybody, to share the investigation with all team members.

33
00:02:25,145 --> 00:02:27,780
Click on Apply to share the investigation.

34
00:02:28,381 --> 00:02:30,617
You can now begin building your investigation 

35
00:02:30,717 --> 00:02:33,219
and collaborating with the team members it was shared with.