Retro Scan investigates historical events and their activity chain based on a specified search condition. The results can be viewed as a mind map showing the execution flow of any suspicious activity. This facilitates the analysis of the enterprise-wide chain of events involved in a targeted attack.
Retro Scan uses the following object types for its investigation:
DNS record
IP address
File name
File path
SHA-1 hash values
MD5 hash values
User account
Retro Scan queries a normalized database containing an endpoint's historical events. Compared with searching a traditional log file, this method uses less disk space and consumes fewer resources.
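The following is an added example, not Retro Scan's own code or data, that illustrates the investigation flow described above: a normalized event table (a constructed sample with a hypothetical schema of id, parent, process, object type and value), a search condition validated against the object types listed on this page, and a walk over the parent/child links to recover the execution chain and render it as an indented tree, the text form of the mind map. Function and column names are assumptions for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of a normalized endpoint event table (hypothetical schema).
# Each row is one observed action; "parent" links it to the action that spawned it.
# Object types follow the page: dns, ip, file_name, file_path, sha1, md5, user.
EVENTS = [
    {"id": 1, "parent": None, "ts": "2024-05-01T09:00:00", "process": "explorer.exe",
     "type": "user", "value": "alice"},
    {"id": 2, "parent": 1, "ts": "2024-05-01T09:01:10", "process": "outlook.exe",
     "type": "file_path", "value": r"C:\Users\alice\Downloads\invoice.docm"},
    {"id": 3, "parent": 2, "ts": "2024-05-01T09:01:15", "process": "winword.exe",
     "type": "sha1", "value": "0123456789abcdef0123456789abcdef01234567"},  # constructed hash
    {"id": 4, "parent": 3, "ts": "2024-05-01T09:01:20", "process": "powershell.exe",
     "type": "dns", "value": "updates.example.net"},
    {"id": 5, "parent": 4, "ts": "2024-05-01T09:01:21", "process": "powershell.exe",
     "type": "ip", "value": "203.0.113.10"},  # documentation range, constructed
    {"id": 6, "parent": 1, "ts": "2024-05-01T09:05:00", "process": "chrome.exe",
     "type": "dns", "value": "www.example.com"},  # unrelated sibling branch
]


def is_valid_object(obj_type, value):
    """Reject malformed search conditions before they reach the event store."""
    if obj_type == "sha1":
        return re.fullmatch(r"[0-9a-fA-F]{40}", value) is not None
    if obj_type == "md5":
        return re.fullmatch(r"[0-9a-fA-F]{32}", value) is not None
    if obj_type == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    if obj_type == "dns":
        return re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", value, re.IGNORECASE) is not None
    if obj_type in ("file_name", "file_path", "user"):
        return bool(value.strip())
    return False


def search(events, obj_type, value):
    """Return ids of events whose object matches the search condition (case-insensitive)."""
    if not is_valid_object(obj_type, value):
        raise ValueError(f"invalid {obj_type} search condition: {value!r}")
    needle = value.lower()
    return [e["id"] for e in events if e["type"] == obj_type and e["value"].lower() == needle]


def lineage(events, event_id):
    """Walk parent links from a hit up to its root; returns ids ordered root -> hit."""
    by_id = {e["id"]: e for e in events}
    path, seen, cur = [], set(), event_id
    while cur is not None and cur not in seen:  # 'seen' guards against malformed cycles
        seen.add(cur)
        path.append(cur)
        cur = by_id[cur]["parent"]
    return list(reversed(path))


def subtree(events, root_id):
    """Build the nested execution tree (the mind map) below root_id."""
    children = defaultdict(list)
    for e in events:
        children[e["parent"]].append(e["id"])
    by_id = {e["id"]: e for e in events}

    def build(nid):
        e = by_id[nid]
        return {"id": nid, "process": e["process"],
                "object": f"{e['type']}={e['value']}",
                "children": [build(c) for c in children[nid]]}

    return build(root_id)


def render(tree, depth=0):
    """Indented text lines of the tree, one line per event."""
    lines = [f"{'  ' * depth}[{tree['id']}] {tree['process']} -> {tree['object']}"]
    for child in tree["children"]:
        lines.extend(render(child, depth + 1))
    return lines


def investigate(events, obj_type, value):
    """For each hit, return its root-to-hit lineage and the full tree under that root."""
    results = []
    for hit in search(events, obj_type, value):
        chain = lineage(events, hit)
        results.append({"hit": hit, "lineage": chain, "tree": subtree(events, chain[0])})
    return results


if __name__ == "__main__":
    for r in investigate(EVENTS, "ip", "203.0.113.10"):
        print("lineage:", " -> ".join(str(i) for i in r["lineage"]))
        print("\n".join(render(r["tree"])))
```

Searching on the IP address finds event 5 and the lineage climbs through the PowerShell, Word and Outlook events back to the user's session; the rendered tree also shows the unrelated browser branch, which is what lets an analyst separate the suspicious path from ordinary activity on the same endpoint.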