Saved Searches Drive Consistent Investigations
Recently we talked about “NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response” and the emphasis it places on having a consistent, methodical approach to investigations.
We have long had automation rules that provide a consistent, automated approach to collection, but for the examination and analysis of collected data, Cado recently introduced saved search functionality. This allows users to create a search and reuse it, sharing it across multiple investigators in your organization so that they follow a consistent process when investigating an incident. You can create searches that can be used across all projects, or ones that you want to restrict to a particular investigation.
What’s more, Cado deploys with dozens of predefined search queries, categorized according to the overall goal of what you’re trying to investigate.
By having this library, you’re able to create a consistent investigative approach, and even offload some of the initial investigative tasks to analysts who might not yet have developed deep expertise.
Cado also enables users to define their own saved searches. This means users can preserve critical queries and easily share them with other team members. This saves precious investigation time and helps empower newer analysts.
Cado's rich search interface helps security teams understand the root cause and scope of incidents faster. Interested in learning more? Reach out to our team.