# Supporting Information

## Supporting Information

The Supporting Information page is a navigation hub that provides quick access to raw forensic data, access logs, and historical security records. Use these tools when investigating a specific incident or auditing access to your data.

<figure><img src="/files/3oXIYVXVWaxrcvETBYbe" alt=""><figcaption></figcaption></figure>

***

### Available Tools

Click any card to navigate to the corresponding tool:

| Card                    | What It Answers                                         | Destination                     |
| ----------------------- | ------------------------------------------------------- | ------------------------------- |
| Classification History  | What is the history of all classification changes?      | Classification Details          |
| External Accounts       | Which AWS accounts are accessing my resources?          | External Accounts               |
| Actions Taken by Users  | What API calls and actions have users performed?        | Audit Activity                  |
| Files Accessed by Users | Which specific files have users accessed?               | Files Accessed by User          |
| Configuration Changes   | What configuration changes have been made to resources? | Inventory > Configuration Drift |

***

### When to Use Supporting Information

These tools are most useful during:

* **Incident investigation** — A suspected attack or breach has been detected and you need to trace exactly what happened.
* **Compliance audits** — You need to demonstrate who accessed what data and when.
* **Access reviews** — You want to confirm that only authorized accounts and users are accessing your resources.
* **Change management reviews** — You want to verify what configuration changes were made and by whom.

For a guided investigation workflow, see [Forensic Analysis](/portal-overview/supporting-information/forensic-analysis.md).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.datadefender.io/portal-overview/supporting-information.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.