Using Packet Continuum, an analyst can start from the topology view / connections page to select a connection and then pivot to the global investigator interface to create a search and view packets.

The connections page has many pivot points into the global investigator interface. Each node of the Connection Graph pivots to the investigator to show all events with the selected ip as source ip or destination ip.

Once in the global investigator, users can utilize the investigator features as needed and create a search for packets.

Click through the example workflow below to see how Packet Continuum makes analysis easy.

The Connections page has many pivot points into the global investigator 1. Each node of the Connection Graph pivots to the Investigator to
show all events with the selected ip as source ip or destination ip. 2. Source hyperlink pivots to the Investigator to show all events
with the selected ip as their source ip. 3. Destination hyperlink pivots to the Investigator to show all events
with the selected ip as their destination ip. 4. PktCount hyperlink pivots to the Investigator to show all events with the selected
source ip and destination ip as their source ip and destination ip respectively. Once the user pivots to the global investigator, they can use the investigator features
as needed and create a search for packets from within the investigator as follows: 1) Expand the document by clicking on the arrow. 2) Select JSON.
3) Click copy to copy the text.
4) Click on create search.
5) Then paste and create search. 6) This creates a search. To view the search, click on the search tab.
7) Click on streams to view the stream.
8) Click on packets to view the packets.