
Goodka7/SOC


Security Operations Center

This is a typical SOC setup that you might find in an enterprise.


On the left we have our resources that we will use to analyze alerts.

Monitoring

As we can see above in the image, the Monitoring tab has three sections: Main Channel, Investigation Channel and Closed Alerts.

The "Main Channel" holds all the alerts currently available to the SOC; anyone in the SOC can see these alerts and take ownership of them.

The "Investigation Channel" is where you can get details about the cases you have taken ownership of. Here you can "create a case" and "close an alert" for alerts you own.


**Note:** Clicking "Create a case" gives you access to the Playbook:

The "Closed Alerts" tab is the place where you can find a history of all your closed alerts and review them.

Log Management

As we can see in the image, here we can filter by different criteria such as IP addresses to find network logs.

There is also a "pro" version that allows you to be more nuanced in filtering the network logs.

Case Management

As we can see in the image, here we can see the open and closed cases that we have/had ownership of.

EndPoint Security

As we can see in the image above, the EndPoint Security tab is a place where we can view EndPoints on the network and get details about them:

Here we see the details of an EndPoint called Cooper. From this view we can Contain/Isolate the EndPoint from the network if needed. You can also see that some of these EndPoints give us remote access.

We are also able to view details such as processes, network actions, terminal actions and browser history to help during our analysis.

Email Security

Here we see that we can filter email addresses to view emails that have been sent to users in the network.

Threat Intelligence

In this tab we can use several different methods to search for known threats from sources like VirusTotal.

Sandbox

Here we can access VMs that are set up as Sandboxes with Malware Analysis tools to help us analyze malware both dynamically and statically.
