Working with Investigations
Investigations are the core organizational unit in EdgeRun.Ai. They help you track, document, and share your security research.
Creating an Investigation
Open the Hunter Portal
Navigate to your Hunter Portal and click the "New Investigation" button in the top navigation or dashboard.
Fill in Investigation Details
Provide a descriptive title and initial notes. Choose a category if applicable (Malware, Phishing, Recon, etc.).
Start Adding Evidence
Add IOCs, URLs, notes, and screenshots using the web portal or Chrome extension.
Investigation Components
Each investigation can contain multiple types of evidence:
| Component | Description | How to Add |
|---|---|---|
| URLs | Web pages related to the investigation | Portal or Extension "Capture Page" |
| IOCs | Indicators of Compromise (IPs, domains, hashes) | Auto-detected or manually added |
| Notes | Your observations and analysis | Portal editor or Extension quick notes |
| Screenshots | Visual evidence of pages or content | Extension "Take Screenshot" |
| AI Research | AI-generated analysis and reports | AI Research panel in portal |
| Timeline Events | Chronological activity log | Automatically tracked |
Adding Content from the Extension
The Chrome extension makes it easy to capture evidence while browsing:
Capturing a Page
- Navigate to the page you want to capture
- Click the EdgeRun.Ai extension icon
- Click "Capture Page"
- Select the investigation to add it to
- Add any notes (optional)
- Click "Save"
Taking a Screenshot
- Click the EdgeRun.Ai extension icon
- Click "Take Screenshot"
- Choose Visible Area or Full Page
- Select the investigation
- Click "Save Screenshot"
Adding IOCs
- Click the EdgeRun.Ai extension icon
- Click "Scan for IOCs"
- Review detected IOCs
- Select which IOCs to add
- Choose the investigation
- Click "Add Selected"
Investigation Timeline
Every investigation automatically maintains a timeline showing:
- When each piece of evidence was added
- Who added it (for team investigations)
- What was added or changed
- Activity metrics like time spent reviewing
The timeline is invaluable for:
- Understanding the investigation progression
- Briefing team members or management
- Creating post-incident reports
- Auditing investigation activities
Using AI Research
Leverage AI to accelerate your investigation:
Quick Search (Search Mode)
Best for rapid triage and basic lookups:
- Open your investigation
- Click "AI Research"
- Select "Search" mode
- Enter your query or select an IOC
- Review results in under 1 minute
Deep Analysis (Thinking Mode)
For connecting dots and pattern analysis:
- Select "Thinking" mode
- Provide context about what you're investigating
- Include relevant IOCs or URLs
- Wait up to 5 minutes for comprehensive analysis
Comprehensive Research (Research Mode)
For thorough intelligence gathering:
- Select "Research" mode
- Define your research objectives
- Include all relevant selectors
- The AI will conduct extensive OSINT gathering
- Results are typically ready within 2 hours
Sharing & Collaboration
EdgeRun.Ai makes team collaboration seamless:
- Shared Investigations - Team members can view and contribute to the same investigation
- Real-time Updates - See changes as they happen
- Shared IOC Libraries - Build a team knowledge base of indicators
- Investigation Handoffs - Easily transfer ownership between analysts
Investigation Best Practices
- Use descriptive titles - Make it easy to find investigations later
- Add context in notes - Explain your thought process
- Capture evidence early - Pages and content can change or disappear
- Tag IOCs appropriately - Makes searching and correlation easier
- Use AI modes strategically - Match the mode to your needs
- Review timelines - They help with reports and handoffs