TQI Evidence Board Transcript

1
00:00:10.443 --> 00:00:17.817
To begin an investigation, you must add threat intelligence data to the investigation workbench to explore and research.

2
00:00:18.651 --> 00:00:26.292
ThreatQ objects, such as indicators, adversaries, files, signatures, and events appear on the evidence board as nodes.

3
00:00:27.260 --> 00:00:30.964
Enter criteria to search the Threat Library for threat intelligence data.

4
00:00:31.431 --> 00:00:34.100
Click on the object to add it to the evidence board.

5
00:00:34.868 --> 00:00:38.271
The object will appear as a node highlighted on the evidence board.

6
00:00:39.472 --> 00:00:45.578
Relevant information about the object, such as when it was first seen and where it originated, appears on the timeline.

7
00:00:46.646 --> 00:00:50.984
With the object highlighted as the focal point, a summary appears in the action panel.

8
00:00:51.751 --> 00:00:56.956
Note,  when you add an object to the evidence board, it becomes available for further examination.

9
00:00:57.457 --> 00:01:01.828
However, it does not immediately become a part of the current investigation. 

10
00:01:02.562 --> 00:01:08.568
To add the object to the investigation, Right-click on the node and select: Add to Investigation.

11
00:01:09.903 --> 00:01:16.176
You can also remove the object from the investigation by right-clicking on the node and selecting: Remove from Investigation.