Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=InvestigationCreation

Create an investigation

Create your own investigations.

We create investigations for the detections that you're most likely to want to investigate. You can also create an investigation, as follows:

  1. Go to Threat Analysis Center > Investigations.

  2. On the Investigations page, click Actions > Add investigation.

    Actions menu

  3. Enter an investigation name and click Create new investigation.

    Create new investigation dialog

  4. In Investigation record, configure the investigation as follows:

    1. Set the priority to High, Medium, or Low.
    2. Leave the status set to In Progress.
    3. Click Type to assign and select the Sophos Central admins who will investigate.

    New investigation details

  5. In Detection list, click Actions > Add detections.

    Actions menu in Detection list

  6. On the Detections page, select a detection and click Add to investigation.

    Alternatively, click the arrow beside a detection to see its details and select specific reports

    Detection selected

Now you're ready to investigate. See "Investigate detected events" in Investigations.

Note

You can add more detections to your investigation at any time from the Detections page.