The analysis chain shows object types using the following icons:
|
Icon |
Name |
Description |
|---|---|---|
|
|
First Observed Object |
Marks an object that most likely created the matched object |
|
|
Matched Criteria |
Marks objects matching the investigation criteria |
|
|
Normal Object |
Marks objects that have been verified to not pose a threat These are usually common system files. |
|
|
Unrated Object |
Marks objects that have not yet been rated |
|
|
Suspicious Object |
Marks objects that exhibit behaviors that are similar to known threats |
|
|
Malicious Object |
Marks objects that match a known threat |
|
|
Boot |
Objects that launch during system startup |
|
|
Browser |
Objects that are capable of displaying web pages, usually a web browser |
|
|
Email client |
Objects that can send and receive email messages, usually an email client or server |
|
|
Email message |
Objects identified through use of the Cloud App Security integration email correlation feature |
|
|
File |
Objects that are files on the disk |
|
|
Network |
Objects related to network connections or the Internet |
|
|
Process |
Objects that are processes running during the time of execution |
|
|
Registry |
Objects that are registry keys, entries or data |
|
|
Event |
Indicates actions done by the object |
|
|
Association |
Indicates relationships between two objects |
