October 30, 2023—Case Management now offers integration with Forensics. This allows
you to create a Forensics workspace specifically for endpoints included in a Workbench
insight or alert. From there, you can perform quick responses such as isolation, Osquery,
and YARA process scanning within the Forensics app.
Additionally, you can gather advanced digital evidence from the endpoints in Forensics
to conduct a more thorough analysis, identifying root causes and constructing an attack
chain using the Forensics timeline.
Once you establish the attack chain, you can add the timeline to a case to record
the location of the results.