Help Document

Incident Workbench


  • The Incident Workbench is Log360 Cloud's investigation console that unifies analytics for core entities such as users, processes, and threat sources.
  • This feature lets users add, compare, and analyze data with enriched integrations such as Advanced Threat Analytics and the process hunting tree.
  • Use the contextual assessment with risk-based profiling to conduct faster root cause analysis and minimize the overall time taken to investigate and resolve threats.



Here are the entities you can analyze using Incident Workbench:

  • Users

    Analytics offered: ML-based user activity and risk score data compiled through UEBA integration from Log360's suite.

  • Process

    Analytics offered: Process hunting tree with parent-child relationships and event timeline.

  • Threat sources

    Analytics offered: Risk analysis from security vendors using Advanced Threat Analytics integration.

Access and usability:

  • Access: The Incident Workbench can be invoked from multiple dashboards of Log360 Cloud such as reports, log search, compliance, alerts, and more.
  • Users can add up to 20 tabs in a single instance of the Incident Workbench and save it to an existing incident or create a new incident.