...
| Info |
|---|
Auto-investigate in DeepTrace DeepTrace does not allow grouping tables. When you click on Auto-investigate in DeepTrace the auto-investigation queryopens your query without grouping. Here you can also modify the query that is going to be investigated by DeepTrace. rawMessage field required The rawMessage field must be included in the Auto-Investigation query definition ( |
Data search
You can select suspicious events and send them to DeepTrace for investigation by clicking on the Engine tool button → New → Investigate in DeepTrace. You can also drag the DeepTraceicon from the tools to the main bar.
You can select one or more events from the table to send them to DeepTrace, or right click on the event to send it.
...
The DeepTrace icon remains in the toolbar if you log out or change domain, otherwise, it is removed. |
| Info |
|---|
Why can't I see that option? This option is only available when there is no grouping and at least one event is selected in the table. |
...