Make investigations work for you

Custom dashboard charts from investigations

Creating custom charts for the dashboard is a great way to focus on known issues or common search queries. If you find yourself conducting the same search time and time again within the investigation tool, you should create a custom chart to add to your dashboard.

A custom chart is available only from the login of the user who created it. Once you are finished with a custom chart, you can easily delete it without affecting other security center admins.

To create a custom chart:

  1. Start in the investigation tool.
  2. Click the ellipsis on the right-hand side.
  3. Choose Create Custom Chart.

Activity rules from investigations

Activity rules are automated rules based on log events within the investigation tool. With activity rules, you can create alerts and enable remedial actions. They are useful for automating some activities based on a data source and a trigger.

You can monitor activity and change the threshold of alerts before making a specific rule active.

Currently, you can only set activity rules for the entire domain. There is no granularity by OU or group, so every rule is either ON or OFF.

Follow these instructions to create an activity rule.