Overview

McAfee® Investigator is an advanced investigative system that helps security analysts in security operations quickly investigate events, collect evidence, and report uncommon or strange network security incidents.

Security analysts across organizations are not adequately skilled to resolve the complicated threats that turn up every day. McAfee Investigator uses artificial intelligence techniques to accelerate investigations and provides decision support for identifying the root cause of a threat, which helps close the investigation.

McAfee Investigator contributes in these critical areas:

  • Investigation guides — Perform an investigation through a series of dynamic choices driven by the emerging picture of an attack. Investigation guides use acquired expertise to determine what questions to ask (or hypotheses to formulate) in a particular context, and how and where to look for answers.
  • Institutional knowledge — Captures analytics-driven insights about your organization to reveal the hidden activities of events.
  • Smart orchestration — Automates workflow and keeps analysts in the loop when required.

Key benefits

  • Provides case data automatically to quickly identify the root cause of a threat and close the investigation.
  • Reduces time spent on low-priority investigations.
  • Processes more cases quickly with better quality.
  • Educates analysts about the right questions and hypotheses within the workflow through investigation guides and relevant insights.