Cloud Incident Response Blog | Cado Security

Saved Searches Drive Consistent Investigations

Written by jbowen@cadosecurity.com | Dec 28, 2023 5:05:07 PM

Recently we talked about “NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response” and the emphasis it places on having a consistent, methodical approach to investigations.

We have long had automation rules that give a consistent, automated approach to collection. For the examination and analysis of collected data, Cado recently introduced saved search functionality. This lets users create a search once and reuse it, sharing it across multiple investigators in the organization so that everyone follows the same process when investigating an incident. A saved search can be made available across all projects or restricted to a particular investigation.

What’s more, Cado deploys with dozens of predefined search queries, categorized according to the overall goal of what you’re trying to investigate.

With this library, you can establish a consistent investigative approach and even offload some of the initial investigative tasks to analysts who have not yet developed deep expertise.

Cado also lets users define their own saved searches, so critical queries are preserved and easily shared with other team members. This saves precious investigation time and helps newer analysts work effectively.

Cado's rich search interface helps security teams understand the root cause and scope of incidents faster. Interested in learning more? Reach out to our team.