Who is this for? MSP/MSSP Partners, SOC Analysts
Faster, More Intuitive Investigation
The latest updates to the ContraForce Workbench make it easier than ever to investigate security incidents:
Unified Incident View
- All related alerts consolidated into a single incident view
- Timeline of events across all data sources
- Entity relationships visualized in the Entity Context Graph
Enhanced Entity Enrichment
When you investigate an entity, ContraForce now automatically enriches it with:
- User entities — Sign-in logs, audit history, group memberships, risk signals
- Device entities — Device details, installed software, recent activity
- IP addresses — Geolocation, threat intelligence, historical activity
- Files — Hash lookups, prevalence data, detection history
Streamlined Actions
Take response actions directly from the investigation view:
- Isolate devices without leaving the incident
- Disable user accounts with a single click
- Block IPs or URLs across customer tenants
- Quarantine files and soft-delete malicious emails
Improved Context
The Workbench now provides more context to help analysts make faster, more informed decisions:

| Enhancement | Benefit |
|---|---|
| Related incidents | See other incidents involving the same entities |
| Historical patterns | Understand if this behavior is normal |
| Threat intelligence | Automatic correlation with known threats |
| Customer context | Relevant information about the affected workspace |
Quick Summary
- Unified incident view consolidates all related alerts and shows entity relationships in the Entity Context Graph.
- Enhanced entity enrichment automatically adds sign-in logs, device details, threat intelligence, and more.
- Streamlined response actions let you isolate devices, disable accounts, and block threats without leaving the incident.
- Improved context includes related incidents, historical patterns, and threat intelligence correlation.
Questions? Contact us at [email protected].