Analysis Chain (Legacy)

The Analysis Chain tab displays the root cause analysis and provides additional information which might be beneficial to the investigation.

Information

Description

Target endpoint

Displays details about the endpoint that was investigated.

First observed object

The first object in the analysis chain suspected to have been responsible for the creation of the investigated object.

This is often the entry point of a targeted attack.

Hover over an object and click to locate the object in the root cause analysis.

Matched objects

Displays the object or a list of objects matching the investigation criteria.

Hover over an object and click to locate the object in the root cause analysis.

Noteworthy objects

Highlights objects in the chain that are possibly malicious, based on existing Trend Micro intelligence.

The value counts the number of unique noteworthy objects in the chain.

Hover over the value to view the list of noteworthy objects.

Hover over an object and click to locate the object in the root cause analysis.

Root cause analysis area

Displays the root cause analysis map.

Click any available node to view more information about the selected object.

Right-click any node to open the context menu and choose an action to perform.

For more information on how to interpret Analysis Chains, see: