With Session View, Incident Responders can quickly get all details of network flows and narrow their investigation focus before retrieving artifacts, greatly improving the efficiency of an investigation.
This new analysis tab, Sessions, offers a way to view and filter sessions seen by Security Analytics. A session is a defined conversation between two endpoints. By filtering the sessions for a specific time range and for certain attributes, you can diagnose and troubleshoot network problems. A Detail View is also available; it shows over 30 different fields for the selected session, including application_group, bytes, flow_duration, ip_protocol, and packets.
Users can customize views to exactly what they need and how they prefer to work. Customer feedback confirms this feature will significantly reduce the time to answers and ultimately faster incident resolution.
Search flows, quickly add elements to search bar and speed resolution