IBM Security Threat Investigator

IBM® Security Threat Investigator automatically analyzes and investigates cases to help you make more informed decisions.

Threat Investigator shows potential threats and the assets that are impacted, helping you determine the criticality of exposure, how many systems are at risk, and the level of remediation effort required. By viewing the historical timeline of threats within your organization, you can better understand dwell times and the stage of the threat.

How Threat Investigator works

Threat Investigator works with Case Management to find cases that warrant an investigation and automatically starts investigating. The investigation fetches the artifacts that are attached to the case and then starts data mining. After Threat Investigator completes several rounds of data mining, it generates a timeline of the incident that consists of MITRE ATT&CK tactics and techniques and a MITRE ATT&CK chain graph of the incident.

Figure 1. Threat Investigator workflow diagram