With Event Search, you can view the endpoint event data that sensors have collected. With this data, you can search for signs of threats or find more context for an incident that you are already investigating.
Event Search is designed for advanced incident investigation. It allows you to filter and search for events based on the time they occurred and on the device and organization where they took place.
You can use Event Search to look for activities or methods that are associated with specific threats. For example, you can search for a process that has been launched with specific command-line arguments. You can also use Event Search to find more context for an incident that has been flagged as suspicious.