The Investigations screen is your home view in Qevlar AI. It lists the investigations completed by Qevlar, so analysts can quickly review their outcomes, search, and apply filters to focus on what matters most.
Each row in the list represents a completed investigation. Clicking on a row will open the Investigation report.
For each investigation, you can see:
- Investigation ID – unique identifier for quick reference, created by Qevlar in order of investigations completed
- Qevlar Verdict – the outcome of our AI Investigation:
  - Malicious
  - Not harmful
  - Inconclusive
- Investigation – a short description of the alert investigated and the investigation’s verdict
- Detection Source – the source technology/tool we ingested the alert from
- Alert ID – the original alert identifier from the source technology/tool
- Initial Severity – the original alert severity
- Client – the organization associated with the investigation. This column does not appear if your organization is not set up as an MSSP with multiple clients.
- Date & Time – when the investigation was completed
Unread investigations are highlighted in bold, making them easy to spot at a glance. Clicking on the email button in the UI will change them back to an Unread state.