To monitor the progress of a root cause analysis task, go to Response > Preliminary Investigation, and click the Root Cause Analysis Results tab.
If an assessment returns a match, administrators may generate a root cause analysis to:
- List all objects related to the specified criteria
- Identify whether any of the related objects are noteworthy
- Review the sequence of events leading to the execution of the matched object
Generating a root cause analysis may take some time to complete.
For details, see Starting a Root Cause Analysis from an Assessment.
The following table lists the investigation details available for review.
| Column Name | Description |
|---|---|
| Status | Progress of the root cause analysis task |
| Name | Name of the root cause analysis task. Click to open the Analysis Chains and Object Details screens. For more information, see Analysis Chains. Note: The task name is not displayed as a link if Endpoint Sensor is unable to generate a root cause analysis, and may be due to the following reasons: |
| Criteria | Criteria specified for the root cause analysis task |
| Matched Objects | Number of matching objects found in the endpoint. Click the value to view more details. |
| Asterisk ( ✱ ) | Indicates an endpoint tagged as Important |
| Endpoint | Name of the endpoint containing the matching object. Click the Endpoint name to view more details about the endpoint. |
| IP Address | IP address of the endpoint containing the matching object. The IP address is assigned by the network. |
| Started | Date and time when the root cause analysis task was started |
| Elapsed | Length of time elapsed since starting the task |
| Creator | User who created the task |
To delete a root cause analysis task, select an entry in the table and click Delete.