# Investigations

<figure><img src="https://435022081-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FmBVcKuiytGCsIDpL70BC%2Fuploads%2Fgit-blob-971f8db07a7de468e2f39b7a3c3569b55289bd1d%2Fui-investigations-main.png?alt=media" alt=""><figcaption><p>The Dropzone Investigations Summary Page</p></figcaption></figure>

## What You’ll See Here

* **Investigations by priority**\
  Tabs showing Dropzone’s recommendation on what to review first:

  * **Urgent**
  * **Notable**
  * **Informational**

  <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>These priority levels can be influenced using <strong>Custom Strategies</strong>.</p></div>
* **Not yet processed investigation status**

  * **Queued**\
    Alerts that have been ingested by Dropzone and are waiting to be investigated.
    * This stage is used when there are already 10 investigations running at once (the current system limit).
  * **Running**\
    Alerts that are currently being investigated by your Dropzone analyst.
  * **Stopped**\
    Alerts that have been ingested but not investigated by Dropzone for a variety of reasons, such as exceeding thresholds set in **System Info** or encountering an error.

    * To investigate these alerts, click **Stopped** and then **Retry**.
    * **Stopped alerts do not count against your license.**

    <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p><strong>Best practice:</strong> Want to know when an investigation is stopped? Work with your Dropzone team member to set up a notification <strong>Response Action</strong>.</p></div>
* **Filters and search bar**\
  Below the investigation priority tabs are filters and a search bar that let you narrow the view to only the investigations you want to see. Filters are of the following types:

  * **Review Status** - Dropzone learns by reviewing investigations. This filter shows you how many investigations you have reviewed.
  * **Conclusion** - The goal of Dropzone is to provide accurate conclusions. Fine-tuning lets you influence how this happens.
  * **Insight Tag** - Insights about the content of the investigation, added by the analyst during an investigation.
  * **Alert Type**
  * **MITRE Tactic**
  * **Attack Surface**
  * **Source**

  <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p>Dropzone will save your last session upon exit. This means you will be able to continue your work where you left off instead of having to add filters every time.</p></div>
* **List of alerts meeting filter criteria**\
  Below the filters are all alerts matching the search criteria you have specified. The alert summary shows important information about each alert, including the date/time, the title, the entities involved, the source of the alert, the initial conclusion, and the priority.
  * **Alert Title** - The alert title is a link that opens the detailed view of the investigation.
  * **Conclusion** - This can be changed directly from the summary page by clicking the dropdown. This works just like changing the conclusion from the detail page.
  * **Priority** - This can be changed directly from the summary page by clicking the dropdown. This works just like changing the priority from the detail page.

{% hint style="warning" %}
You can **bulk edit** Conclusion and Priority by selecting multiple items (checking the box to the left of the alert), which pops up an option to update all selected rows at the same time.
{% endhint %}

* **Full investigation write-ups**

  * Click into any investigation to see the detailed view:
    * The overall **Summary**
    * Detailed investigative context in **Findings**
    * Supporting artifacts in the **Evidence Locker**
    * Recommended **Remediations** (for *Malicious*, *Suspicious*, and *Inconclusive* alerts only)
    * A **Notes** section for team collaboration
    * A **Changelog** showing the full investigation lifecycle from ingestion to approval

  <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p><strong>Best practice:</strong> Check out our guides on how to <a href="../best-practices/deep-dive-into-investigation-reviews">review an investigation</a> and <a href="../best-practices/context-memory">leave context memory</a>.</p></div>
