While Security Incident, and Investigation feature are great built-in capabilities in Azure Security Center for identifying and further investigate a security issue, do not ignore the power of the Search capability to help you find the root cause of the problem. These two posts below are some common scenarios of how to use search to identify suspicious activity:
Using Search in Security Center to find Indicators of Compromise
Searching for suspicious user in Azure Security Center
