The Platform

This section contains documentation for all major areas of the Dropzone platform. It serves as a high-level guide to help users understand where things live, what each section is used for, and how different parts of the platform fit together.

Use this section as a starting point before diving into feature-specific or best-practice documentation.


Platform Navigation at a Glance

The Dropzone platform is organized around a few core workflows:

  • Investigating security alerts

  • Reviewing and prioritizing findings

  • Managing users, access, and configuration

  • Customizing how Dropzone behaves for your environment

Each section below corresponds to a primary area of the UI.


Dashboard

The Dashboard provides a high-level view of activity across your Dropzone tenant.

From the Dashboard, you can:

  • Monitor investigation volume and outcomes

  • Track key performance metrics such as time to investigate and analyst time saved

  • Review trends and summaries across investigations

  • See top assets and response metrics at a glance

The Dashboard is typically the first place users land when logging in.


Investigations

The Investigations section is where alerts are analyzed and reviewed.

Here you can:

  • View investigations by priority (Urgent, Notable, Informational)

  • Review AI-completed investigations

  • Examine findings, evidence, interviews, and remediations

  • Approve investigations or modify conclusions

  • Leave notes and feedback to improve future investigations

This area represents the core day-to-day workflow for SOC analysts.


Chat

The Chat interface provides a lightweight way to query integrated data sources using natural language.

Chat supports:

  • Session-scoped chats for freeform exploration

  • Investigation-scoped chats that include investigation context and entities

Chat is designed for fast, tactical lookups and enrichment—not full investigations—and complements the Investigations workflow.


Context Memory

Context Memory stores institutional knowledge that helps Dropzone understand your environment.

Context Memory captures:

  • Facts about users, devices, systems, and networks

  • Organizational context not visible in telemetry

  • Exceptions, known behaviors, and environment-specific details

This knowledge is applied automatically during investigations to improve accuracy and reduce manual research.


Team Admin Section

The Team Admin section is where user access and permissions are managed.

From Team Admin, administrators can:

  • Invite and manage users

  • Assign roles (Admin, Member, Restricted Read-only)

  • Activate or deactivate user accounts

  • Review who has access to the tenant

This section is primarily used by Admins and security leaders.


Tenant Tree

The Tenant Tree allows users to navigate between multiple Dropzone tenants.

This is especially useful for:

  • MSSPs

  • Organizations with multiple environments

  • Teams managing separate business units or regions

The tenant tree makes it easy to switch context without logging out.


Fleet Dashboard

The Fleet Dashboard is a rollup view allowing you to see all your tenants in one place.

Note that you will only see the Tenant Tree and Fleet Dashboard if you have a multi-tenant setup of Dropzone. Ask your Sales or Customer Support team if you are unsure if this would provide value to your organization.


Settings

The Settings area contains configuration and tuning controls for how Dropzone operates.

Settings is where more advanced functionality lives and is primarily used by Admins.

Settings Overview

Within Settings, you can configure:

  • Custom Strategies: Define organization-specific logic that influences investigation conclusions, priorities, analysis guidance, and investigation questions.

  • Response Actions and Automations: Execute custom Python scripts in response to investigation or system events.

  • System Info: View tenant configuration, investigation thresholds, and performance benchmarks.

  • System Events: Audit activity across the tenant and export logs for analysis.

  • Integrations: Manage alert sources, data sources, connectors, and API keys.

Settings allows teams to tailor Dropzone to their environment, workflows, and risk tolerance.


How to Use This Folder

Each subfolder in Platform provides deeper documentation for that specific area of the UI, including:

  • Feature explanations

  • Links to best practices

  • Setup guides

  • Usage examples

If you’re new to Dropzone, start with:

  1. Dashboard

  2. Investigations

  3. Chat

Admins and advanced users should also review:

  • Settings

  • Context Memory

  • Custom Strategies


Summary

This section provides a map of the Dropzone experience. It explains what each part of the platform does and where to find it, helping users quickly orient themselves and understand how different workflows connect.

For detailed configuration or best practices, refer to the individual documents within each section.
