Whisper · Docs
Console

Investigate

Guided investigations run a chosen workflow against one indicator and hand back a clear picture of what it is and what it connects to.

1 · Pick your investigations

Start on the launcher. Choose one or more investigation workflows to run, then point them at any indicator. Browse the full set from Workflows.

The Guided Investigation launcher: a headline reading Investigate the internet's infrastructure, a search box, and a chosen investigation workflow with an option to add more.
Pick one or more investigation workflows to run on any indicator.

2 · Give it an indicator

Type a domain, IP, network, or organization. The console detects the indicator type as you go, so the right checks run against it.

The investigation search box with a domain typed in and its type detected as a hostname.
Give it an indicator. The type is detected as you type.

3 · Run a workflow

Each workflow opens with a plain description of what it does, a few sample indicators to try, category filters, and a list of related workflows to pivot into. Press Run to execute it against your indicator.

The Threat Investigation workflow view, shown with demo data: a description, a search box with sample indicators, category filters, and a list of related workflows.
A workflow, ready to run: sample indicators, category filters, and related workflows. Demo indicators are illustrative.