Root Cause Analysis Results
To monitor the progress of a root cause analysis task, go to Response > Preliminary Investigation, and click the Root Cause Analysis Results tab.
If an assessment returns a match, administrators may generate a root cause analysis to:
-
List all related objects to the specified criteria
-
Identify if any of the related objects are noteworthy
-
Review the sequence of events leading to the execution of the matched object.
Generating a root cause analysis may take some time to complete.
For details, see Starting a Root Cause Analysis from an Assessment.
The following table lists the investigations details available for review.
|
Column Name |
Description |
|---|---|
|
Status |
Progress of the root cause analysis task |
|
Name |
Name of the root cause analysis task Click to open the Analysis Chains and Object Details screens. For more information, see Analysis Chains. Note:
The task name is not displayed as a link if Endpoint Sensor is unable to generate a root cause analysis, and may be due to the following reasons:
|
|
Criteria |
Criteria specified for the root cause analysis task |
|
Matched Objects |
Number of matching objects found in the endpoint Click the value to view more details. |
|
Asterisk ( ✱ ) |
Indicates an endpoint tagged as Important |
|
Endpoint |
Name of the endpoint containing the matching object Click the Endpoint name to view more details about the endpoint. |
|
IP Address |
IP address of the endpoint containing the matching object The IP address is assigned by the network |
|
Started |
Date and time when the root cause analysis task was started |
|
Elapsed |
Length of time elapsed since starting the task |
|
Creator |
User who created the task |
To delete a root cause analysis task, select an entry in the table and click Delete.
