Security event management
Managing security events is very important, but being able to analyse them consistently is another matter. With the Security Information and Event Management solution that we offer, you can centrally analyse security events, that is, information such as logs, flows and contextual data from throughout your environment, no matter how disparate your data sources are.
Event Management Solution Features
More speed
Get search results in seconds with the speed of a schema-on-write architecture. Explore custom dashboards, dive into events of interest, and navigate underlying data.
Operates at scale
Lets you manage security data by the petabyte. Keep it for as long as you want and take advantage of the big picture when you need it most.
Protection during collection
Collecting host data and blocking malware is easier than ever. Deploy an agent to your endpoints and complete new use cases with just one click.
Ingest from anywhere
Quickly ingest and analyse data from your cloud, network, endpoints, applications, or really, any source you want.
Host and network events
View specific host and network events for data senders and agents. Expand each category for specific host counts or network events related to the category.
Network view
Provides key network activity metrics, an interactive map, and network event tables that allow interaction with the Timeline. You can drag and drop items of interest from the network view to the Timeline for further investigation.
Map
Provides a visual overview of your network traffic. It is interactive, so you can start exploring data directly from the map.
Detection view
Provides an overview of all signals created by signal detection rules. It is also the place where you can enable predefined rules and create new rules. Detections (beta) provides a detailed description of detections and how to use them.
Timeline
Use Timeline as your workspace for threat search or alert investigations. Data from multiple indexes can be added to a timeline, allowing you to investigate complex threats, such as lateral movement of malware on hosts on your network.
Hosts view
The Hosts view provides key metrics regarding host-related security events and a set of data tables that allow you to interact with the Timeline Event Viewer. You can drag and drop items of interest from the tables in the Hosts view to the Timeline for further investigation.
