Isaac is a seasoned investigator and works long hours. He enjoys the personalized message on his login screen when he logs on in the evenings.
Like triage analyst Allyson, Isaac is immediately taken to his In-Basket where he can see alerts in his queue for investigation. Unlike Allyson's queue, these alerts have already been triaged and identified as suspicious. Isaac's job is to conduct a thorough investigation on each alert. He selects the first alert to see the details.
Like Allyson, Isaac reviews the summary details and browses the card containers. However, Isaac will delve deeper with the information, drilling down multiple levels for more specific details.
Alert Details Preview Card
Isaac wants more details on a specific instance in one of the cards so he clicks and it opens in a preview card secondary details. He can expand for tertiary details or flip through the instances on the original cards.
Isaac can expand the card for a large amount of detail relating to the once card instance.
Isaac can also switch views on the lefthand side of the UI to get a different perspective on the information through an alternate visualization.
The dynamic map view lets Isaac toggle on and off the different types of information on the map and timeline.
Map View Preview Card
He can also click on an instance in the map of timeline for a detail preview card with secondary details.
The related items view is a crucial new component to the 2.0 release. It allows investigators like Isaac to see how an alert relates to the other alerts in the system, whether it was flagged by a team member or the analytic, and the hierarchy of the alerts.