Invoking Zia Insights

Overview

Zia Insights is an AI-powered capability that delivers contextual security insights by analyzing logs, alerts, and incidents. These insights help interpret security activity, identify impacted entities, map observed behavior to the MITRE ATT&CK® framework, and determine recommended response actions.

This page explains how to invoke Zia Insights from the Search, Alerts, and Incidents modules.

Invoking Zia Insights from Search

  1. In your account, go to the Search tab.
  2. Perform a search query using either the basic or advanced mode.

    NOTE Refer to this video to learn how to perform log searches.

  3. In the search results, hover over a specific log entry.
  4. Click the Zia icon at the top-right corner of the log entry to view insights generated by Zia.
    Figure 1: Invoking Zia Insights from Search

Insights provided by Zia Insights for Search

Zia will process the selected log and display contextual insights, including a summary, associated MITRE ATT&CK® techniques (if applicable), and suggested mitigation steps.

Figure 2: Zia Insights generated for the selected log

Invoking Zia Insights from Alerts

  1. In your account, go to the Alerts tab and select Alerts.
  2. Select an alert from the list.
  3. Click the Zia Insights icon displayed at the top-right corner to generate Zia Insights.
    Figure 3: Invoking Zia Insights from Alerts

Insights provided by Zia Insights for Alerts

For alerts, Zia Insights provides a contextual summary, an attack timeline, relevant MITRE ATT&CK® techniques (if applicable), and mitigation steps based on the alert data.

Figure 4: Zia Insights generated for Alerts

Invoking Zia Insights from Incidents

  1. In your account, go to the Alerts tab and select Incident.

    NOTE Use the Select view dropdown to filter incidents. Select from All Incidents, Active Incidents, Critical Incidents, or create a new one using Add Custom View.

  2. Select an incident from the list.
  3. Click the Zia Insights icon to generate insights.
    Figure 5: Invoking Zia Insights from Incidents

Insights provided by Zia Insights for Incidents

When invoked from the Incident console, Zia Insights provides details on involved actors, a chronological evidence timeline, an evidence summary, and relevant MITRE ATT&CK® techniques based on the incident data.

Figure 6: Zia Insights generated for Incidents

Read also

This document explained how to access Zia Insights from Search, Alerts, and Incidents within the product console to generate AI-powered security insights. For a comprehensive overview of Zia Insights and instructions on how to leverage its capabilities effectively, refer to the following articles: