Views:
The analysis chain shows object types using the following icons:
Icon
Name
Description
l-object-first-ob.png
First Observed Object
Marks an object that most likely created the matched object
l-object-matched.png
Matched Criteria
Marks objects matching the investigation criteria
l-object-normal.png
Normal Object
Marks objects that have been verified to not pose a threat
These are usually common system files.
l-object-unrated.png
Unrated Object
Marks objects that have not yet been rated
l-object-suspicious.png
Suspicious Object
Marks objects that exhibit behaviors that are similar to known threats
l-object-malicious.png
Malicious Object
Marks objects that match a known threat
l-type-boot.png
Boot
Objects that launch during system startup
l-type-browser.png
Browser
Objects that are capable of displaying web pages, usually a web browser
l-type-email.png
Email client
Objects that can send and receive email messages, usually an email client or server
icon-emailmsg.png
Email message
Objects identified through use of the Cloud App Security integration email correlation feature
l-type-file.png
File
Objects that are files on the disk
l-type-network.png
Network
Objects related to network connections or the Internet
l-type-process.png
Process
Objects that are processes running during the time of execution
l-type-registry.png
Registry
Objects that are registry keys, entries or data
l-action-event.png
Event
Indicates actions done by the object
l-action-association.png
Association
Indicates relationships between two objects