# Investigate

Guided investigations run a chosen workflow against one indicator and hand back a clear picture of what it is and what it connects to.

## 1. Pick your investigations

Choose one or more investigation workflows to run, then point them at any indicator. Browse the full set under [Workflows](/docs/workflows).

![The Guided Investigation launcher: a headline reading Investigate the internet's infrastructure, a search box, and a chosen investigation workflow with an option to add more.](/docs/shots/investigate-launcher.png)

*Pick one or more investigation workflows to run on any indicator.*

## 2. Give it an indicator

Type a domain, IP, network, or organization; the console detects the type.

![The investigation search box with a domain typed in and its type detected as a hostname.](/docs/shots/investigate-omnibox.png)

*Give it an indicator. The type is detected as you type.*

## 3. Run a workflow

Each workflow opens with a description, sample indicators, category filters, and related workflows. Press Run.

![The Threat Investigation workflow view, shown with demo data: a description, a search box with sample indicators, category filters, and a list of related workflows.](/docs/shots/investigate-indicator.png)

*A workflow, ready to run: sample indicators, category filters, and related workflows. Demo indicators are illustrative.*
