# Where to Spend Your Time

#### Areas important to SOC Operations

### **Endpoint Security**

* Detections overview
* Incidents queue
* Detections queue
* Regex Rules
* Whitelisting
* Hashes, IPs, Domains

<div align="left"><figure><img src="https://4024756925-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZbLrq3t9Su3CqGmkXz7o%2Fuploads%2FPL4T2gkEv8Zw0TLnVPlT%2Fimage.png?alt=media&#x26;token=423d6898-5bae-4e29-a4b7-9017384664e4" alt="" width="394"><figcaption></figcaption></figure></div>

### **Investigate**

* CQL Searching of Raw Endpoint logs
* IP, hash, domain, user quick lookups
* Reports, Event searches, Prebuilt dashboards for hunting, host timelines, etc.

<div align="left"><figure><img src="https://4024756925-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZbLrq3t9Su3CqGmkXz7o%2Fuploads%2FdoAawfBAZ1y3z3NQtnCa%2Fimage.png?alt=media&#x26;token=d5ddb079-d2f8-4f39-92e9-5080281c04f3" alt="" width="395"><figcaption></figcaption></figure></div>
