Collection
Systematically gather artifacts, telemetry, and forensic evidence from endpoints, servers, cloud services, network devices, and security tooling. Aggregate logs from SIEM, EDR, identity providers, email gateways, and proxy infrastructure to build a comprehensive dataset for timeline reconstruction and root cause analysis.
Node | Priority | Short name | Duration
Phishing Artifact Collection: Headers, URLs, Attachments | P1 | Phishing Artifact Collection | 60 min
EDR Telemetry Collection | P2 | EDR Collection | 120 min
M365 Unified Audit Log Collection | P2 | M365 UAL Collection | 90 min
Collect DLP Policy Alerts and Hits | P2 | DLP Alerts | 45 min
Azure AD Sign-In and Audit Log Collection | P2 | Azure AD Logs | 60 min
Identify Alternative Evidence When Primary Logs Are Missing | P2 | Missing Log Fallback | 60 min
Collect and Analyze Web Server Logs for Web App Compromise | P2 | Web Server Logs | 90 min
Coordinate Log Collection from Third-Party Vendors | P3 | Third-Party Logs | 120 min