asp-case-investigation

asp-case-investigation is a case-centered investigation workflow skill. Use it for triage, evidence review, context enrichment, and next-step recommendations.

Invocation

```text
/asp-case-investigation
```

It combines capabilities such as asp-case, asp-alert, asp-artifact, asp-siem-search, asp-knowledge, asp-enrichment, and asp-comment.

Common Examples

```text
/asp-case-investigation investigate case_000001 and provide severity, confidence, and next steps
```

```text
/asp-case-investigation review alerts and artifacts in case_000001 and decide whether it is a false positive
```

```text
/asp-case-investigation identify which evidence is still missing for case_000001
```

Common CLI commands:

```powershell
asp case show case_000001 --output json
asp alert list --case-id case_000001 --output json
asp playbook list --case-id case_000001 --output json
```