A security investigation system uses a central server to distribute requests for security information regarding an asset, receive responses, and manage the information in the responses in a case object. Requests may be distributed to various servers, each of which may have an agent that may receive the request, search various databases, logs, and other locations, and generate a response. A case object may be continually updated in some embodiments. The case object may be viewed, analyzed, and other requests generated using automated or manual tools. A case object may be sanitized for analysis without compromising sensitive information.