Upgraded Detections Experience
The redesigned Detections and Cases UI simplifies triage by bringing everything into one unified workspace—eliminating the need to navigate across multiple screens. Analysts can view related activities, entity graphs, MITRE timelines, UEBA-based detections, detections and their events, original raw events, and matching rule details at a single glance.
Powered by Garuda AI, the platform enables intelligent exploration of detections and faster decision-making. Analysts can orchestrate responses, create or merge cases, change severity, and dismiss detections—all from a single interface—delivering a seamless and efficient SIEM experience.
The Detections page consists of three primary tabs: Detections, Cases, and Orchestration.
Detections: This tab provides a centralized view of all detections, together with their correlated events, UEBA insights, timelines, and rule context. Analysts can investigate detections in depth and take immediate actions such as changing severity, dismissing detections, or creating and merging cases—without leaving the page.
Cases: The Cases tab is dedicated to case management. Analysts can view cases along with their associated detections, track investigation progress, update case status, adjust severity, and reassign or dismiss detections based on investigative findings. This ensures structured incident handling and clear ownership throughout the response lifecycle.
Orchestration: Detection Orchestration enables automated handling of detections over time based on defined criteria. Orchestration rules match detections using specific conditions and trigger predefined actions at the detection level. These actions can be automated or guided by analyst investigation, helping teams scale response efforts, reduce manual work, and ensure consistent remediation.
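To make the condition-then-action model concrete, the following is an added illustration of how a detection orchestration engine can be modelled; it is not the product's own code or API. The detection field names, the condition helpers, the action verbs (set_severity, dismiss, create_case, flag_for_review) and the sample detections are all constructed assumptions chosen for the example.

```python
"""Toy detection-orchestration engine (added example, not the product's code).

A rule is a list of match conditions plus a list of detection-level actions.
Rules are evaluated in order; a dismissed detection is not processed further.
All field names, action verbs and sample data below are assumptions.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Detection = Dict[str, object]
Condition = Callable[[Detection], bool]

# Constructed sample detections (not real alerts).
SAMPLE_DETECTIONS: List[Detection] = [
    {"id": "d-1", "rule": "Brute-force login", "severity": "medium",
     "entity": "web-01", "mitre": "T1110", "count": 120},
    {"id": "d-2", "rule": "Suspicious script", "severity": "low",
     "entity": "lab-07", "mitre": "T1059", "count": 1},
    {"id": "d-3", "rule": "Brute-force login", "severity": "medium",
     "entity": "web-02", "mitre": "T1110", "count": 3},
]


@dataclass
class OrchestrationRule:
    name: str
    conditions: List[Condition]   # every condition must hold for a match
    actions: List[str]            # e.g. "set_severity:high", "dismiss"

    def matches(self, det: Detection) -> bool:
        return all(cond(det) for cond in self.conditions)


# Small condition builders (hypothetical operators).
def field_equals(name: str, value: object) -> Condition:
    return lambda d: d.get(name) == value


def field_at_least(name: str, threshold: float) -> Condition:
    return lambda d: float(d.get(name, 0)) >= threshold


def entity_prefix(prefix: str) -> Condition:
    return lambda d: str(d.get("entity", "")).startswith(prefix)


def not_in_case() -> Condition:
    return lambda d: d.get("case_id") is None


# Constructed rule set: automated handling first, analyst-guided queueing last.
RULES: List[OrchestrationRule] = [
    OrchestrationRule("Auto-dismiss lab noise",
                      [entity_prefix("lab-")], ["dismiss"]),
    OrchestrationRule("Escalate high-volume brute force",
                      [field_equals("mitre", "T1110"), field_at_least("count", 100)],
                      ["set_severity:high", "create_case"]),
    OrchestrationRule("Queue remaining brute force for analyst review",
                      [field_equals("mitre", "T1110"), not_in_case()],
                      ["flag_for_review"]),
]


def apply_rules(detections: List[Detection], rules: List[OrchestrationRule]
                ) -> Tuple[List[Detection], List[Dict[str, object]], List[Tuple[str, str, str]]]:
    """Return (processed detections, created cases, audit trail).

    Inputs are copied, never mutated, so the original detections stay intact.
    """
    processed: List[Detection] = []
    cases: List[Dict[str, object]] = []
    audit: List[Tuple[str, str, str]] = []   # (detection id, rule name, action)
    for original in detections:
        det = dict(original)
        det.setdefault("status", "open")
        for rule in rules:
            if det["status"] == "dismissed":   # terminal state: stop evaluating
                break
            if not rule.matches(det):
                continue
            for action in rule.actions:
                verb, _, arg = action.partition(":")
                if verb == "set_severity":
                    det["severity"] = arg
                elif verb == "dismiss":
                    det["status"] = "dismissed"
                elif verb == "create_case":
                    case_id = f"case-{len(cases) + 1}"
                    cases.append({"case_id": case_id, "detections": [det["id"]]})
                    det["case_id"] = case_id
                elif verb == "flag_for_review":
                    det["status"] = "pending_review"   # handed to an analyst
                else:
                    raise ValueError(f"unknown action {action!r} in rule {rule.name!r}")
                audit.append((str(det["id"]), rule.name, action))
        processed.append(det)
    return processed, cases, audit


if __name__ == "__main__":
    for entry in apply_rules(SAMPLE_DETECTIONS, RULES)[2]:
        print(entry)
```

Rule order matters in this model: the dismissal rule runs first so noisy detections never reach the escalation logic, and the review rule uses the case_id written by the escalation rule to avoid double-handling. The audit trail records every action per detection, which is what an analyst needs to understand why a detection was dismissed, escalated or queued without reading the rule set.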
