Custom Smart Descriptions & Graphs 🖇️

One effective way to investigate alerts on SEKOIA.IO XDR is to use the investigation graph.

This graph shows the detected threats (campaign, malware, indicator) along with the observed events and their related fields (usernames, file paths, IP addresses, …).

Unfortunately, the “custom fields” created as part of custom intake formats to represent users' custom applications were not properly displayed on investigation graphs. Specifically, our users encountered the following two limitations:

  • Custom fields are not displayed on the investigation graph,
  • Events produced by custom intake formats have no smart descriptions.

This feature addresses these limitations, increasing the investigation capabilities that SEKOIA.IO XDR offers through graph investigation for custom intake formats.
