Findings are where security analysts document, in detail, the answers to questions such as:

  • What is it?

  • Where is it?

  • When did it get here?

  • How did it get here?


In the cases of commodity malware, business email compromise, and red team activity, the findings are even more optimized to directly address those specific classes of activity.

Lastly, the findings section in Workbench includes, on every incident, an alert-to-fix timeline that describes the activity involved in answering the above questions.