Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.truu.ai/llms.txt

Use this file to discover all available pages before exploring further.

Investigations are tracked cases in Enforce that tie a subject user to a threat signal and the work your team does to assess and resolve it. The Investigations page groups them by workflow state so you can see what is active, what is waiting for assignment, and what is closed.
Enforce Investigations
Investigations view may have a different look and interface if you’re not using TruU Passwordless. So kindly use this documentation as only a reference in that case.

Overview

An investigation represents a single enforcement case: who is involved, what kind of threat the platform surfaced, a short narrative summary (typically AI-generated), and who opened or is working it. Investigations are the operational record that connects risk assessment in Predict to resolution and enforcement actions.

Investigation Cards

Each card surfaces the investigation ID (for example INV-C2B36584-C000-46A…) for reference in tickets and audits. The subject is shown by name. A threat type badge summarizes the category at a glance. A description gives the investigation summary. Avatars indicate who opened the case or is collaborating. The footer shows status and relative time (for example “You opened | a month ago”). Use the more menu (three dots) for actions specific to that investigation.

Investigation Statuses

The page uses three tabs:

In Progress

Cases your team is actively working. Counts reflect how many investigations are in this state (for example “In Progress (3)”).

Pending

Investigations that are open but not yet picked up. Use this tab to triage new work and assign ownership.

Completed

Closed investigations. For history and review patterns, see Past Investigations.

Threat Types

Badges map to high-level categories:

Identity Vulnerability

Displayed with a blue badge. Indicates identity- or credential-related risk signals that warrant verification or corrective steps.

Insider Threat

Displayed with an orange badge. Highlights elevated concern for insider-risk scenarios; workflow and enforcement choices often align with policy.

Unknown / Not Classified Yet

Displayed with a gray badge. General external or policy-relevant threat context surfaced for analyst review, and can be classified by the user.

Opening an Investigation

Investigations are created from assessment and triage workflows (for example when you escalate from Predict). Opening a case attaches you (or your team) as participants, sets the initial tab (often Pending or In Progress depending on configuration), and preserves the threat summary on the card. To finish a case, follow Closing an Investigation.