Skip to main content
Affinity/Documentation
Español

Getting Started

  • What is Affinity
  • Sign In
  • Your First 15 Minutes
  • Navigation Map

Integrations (Admin)

  • Integration List
  • Create Integration
  • Start Ingestion
  • Secrets

Logs (Analyst)

  • Overview
  • SQL Queries
  • Search & Export
  • Analytics Mode
  • Share Queries
  • Create Rule from Logs

Alerts (Analyst)

  • List & Filters
  • Details & Management
  • Full View

Detection & Notifications (Admin)

  • Detection Rules
  • Notification Channels

Incident Response (Analyst)

  • Extract IOCs
  • Query IOCs in Logs
  • Export Results

Usage Analytics

  • Ingestion Metrics

Administration

  • User Management

Troubleshooting

  • Common Issues

Reference

  • Glossary
  • Integration Catalog
  • FAQ
  • Step-by-Step Guides

Analytics Mode (Investigation)

Analyst10 min

What it's for

Go deeper on events that matter. Select logs, group them, visualize patterns, and send them directly to Incident Response — without leaving the investigation flow.

Steps

  1. Run a query and get results.
  2. Select rows in the table.
  3. Click the Analytics button (investigation toggle; when active shows `Active Investigation`).
  4. Side panel with tabs: `Selected`, `Groups ({N})`, `Analytics`, `Timeline`.
  5. Actions: Send to IR for IOC Analysis → `/incident-response?from=hunter`, Group, Clear, Exit, Close.

Expected result

  • Active investigation panel with selected events.
  • Option to send to Incident Response in one click.

Tips

  • Do not use "Hunter Mode" — the button is Analytics with subtitle `Investigation`.
  • Combine row selection + `Timeline` tab to reconstruct attack sequence.
  • From IR, Back to Analytics returns you to Logs.

See also

  • Extract IOCs
  • SQL Queries
Previous

Search & Export

Next

Share Queries