Execution Profile

The Execution Profile visualizes objects and events using a dynamic and interactive chain view, instead of static analysis results.

The following table describes different elements that compose the Execution Profile.

Element

Description

Left panels

Observed Attack Techniques panel

Lists the individual events detected in your environment and related MITRE information

You can click View event to further check the event details in the Observed Attack Techniques app.

Note:

Under Observed Attack Techniques, only detection filters at "Critical", "High", and "Medium" risk levels are listed based on the objects available in the current analysis chain.

Endpoints panel

Lists the affected endpoints and highlighted objects of the alert

Graph section

Chain view

Visualizes objects and events to facilitate an interactive investigation

You can click any node to view the detailed profile and check related events of the object. The initial analysis chain shows the most critical events as a baseline and allows you to add more events to the chain if necessary.

Right panels

Profile tab

Displays the details applicable to the selected object

Events tab

Displays the actions performed by the selected object

You can expand each action to check the objects involved in the event and choose to dynamically show them in or hide them from the chain view.

Sources tab

Displays the point of origin for the selected object, which is the additional information not shown in the chain view