Findings are where security analysts document, in detail, the answers to questions such as: What is it? Where is it? When did it get here? How did it get here?
Tip
In the cases of commodity malware, business email compromise and red team activity, the findings are even more optimized to directly address those specific classes of activity.
Lastly, on every incident you find an alert-to-fix timeline in the findings section in Workbench that describes the activity involved in answering the above questions.