Online Help Center Home
Privacy and Personal Data Collection Disclosure
Preface
Introduction
- Introducing Apex Central
Getting Started
Managed Product Integration
Policies
- Policy Management
  - Policy Management
  - Policy Status
- Policy Resources
Detections
Threat Intelligence and Response
Tools and Support
Appendices

Preliminary Investigations in Endpoint Sensor

Preliminary investigations assess historical events and root cause chains based on specified criteria. The results can be viewed as a root cause analysis map showing the execution flow of any suspicious activity. This facilitates the analysis of the enterprise-wide chain of events involved in a targeted attack.

Preliminary investigations use the following object types for its investigation:

DNS record
IP address
File name
File path
SHA-1 hash values
MD5 hash values
User account

Preliminary investigations query a normalized database containing an endpoint's historical events. Compared to a traditional log file, this method uses less disk space and consumes fewer resources.