The Analysis Chains tab displays the Root Cause Analysis and also highlights additional information which might be beneficial to the investigation.

Threat Investigations can correlate information from Endpoint Sensor, Cloud App Security, and Active Directory to display attack information about an endpoint, user account, and possible email attack vectors throughout your network.
| Information | Description |
|---|---|
| Target Endpoint | Displays details about the endpoint that was investigated. Click the endpoint name and user name to view details. Click Isolate Endpoint to disconnect the endpoint from the network. During isolation, the agent can only communicate with the server. |
| First Observed Object | The first object in the analysis chain suspected to have been responsible for the creation of the investigated object. This is often the entry point of a targeted attack. Hover over an object and click to locate the object in the Analysis Chain. |
| Matched Objects | Displays the object or a list of objects matching the investigation criteria. Hover over an object and click to locate the object in the Root Cause Analysis. |
| Noteworthy Objects | Highlights objects in the chain that are possibly malicious, based on existing Trend Micro intelligence. The value counts the number of unique noteworthy objects in the chain. Click to view the list of noteworthy objects. Hover over an object and click to locate the object in the Analysis Chain. |
| Root Cause Analysis area | Displays a visual analysis of the objects involved in an event. Click any available node to view more information about the selected object. For more information on how to interpret Analysis Chains, see: |
Note: To export the data, click and perform one of the following: