The Event Details page lists all the information about an event. To view the Event Details page, click Quick Actions > Event Details.
From the Event Details page, you can perform the remediation actions (Quarantine File / Delete File / Kill Process) on File, Mutex, Network, and Process events. For more information on remediation actions, see Remediation.
MITRE ATT&CK defines the tactics, techniques, and procedures that are leveraged by adversaries and malware. EDR helps detect malicious behavior on the endpoint by evaluating the events in context with MITRE ATT&CK.
Events registered on the agents are analyzed, and appropriate ATT&CK tactics and techniques are applied on the Event Details page.
Click Event Details > Process Tree tab to view the process tree for File, Process, Mutex, Registry, and Network events. The process tree displays all the events related to the selected event.
An event of the "Process" type shows its parent and child processes along with the mutex and network connections of the process. For an event of the Network type, you see the network connection of a process; for an event of the Mutex type, you see the mutex connection of a process.
In the process tree view, the selected event node is highlighted in blue. You can traverse between the nodes by clicking a node in the hierarchy. Click (+) and (-) to expand and collapse the tree nodes and display the related events.
Click an event node to view the details of the selected node in the right pane. To help you identify the event types of nodes in the hierarchy view, similar events are grouped under an event type (for example, Mutex or Network) and the respective event icons are shown against each node.
The process tree view also displays a zoom bar and a reset option.
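The process tree described above (parent and child processes, with the Mutex, Network, File, and Registry events of each process grouped under it, and any selected event resolving to its owning process) can be reproduced from raw event records. The following Python is an added example written for this page, not the product's own code: the event records and their field names (`id`, `type`, `pid`, `ppid`, `name`) are constructed assumptions, not the product's schema.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample events, not real telemetry. The field names are an
# assumption for this example and do not reflect the product's schema.
EVENTS = [
    {"id": "e1", "type": "Process",  "pid": 100, "ppid": 1,   "name": "explorer.exe"},
    {"id": "e2", "type": "Process",  "pid": 200, "ppid": 100, "name": "winword.exe"},
    {"id": "e3", "type": "Process",  "pid": 300, "ppid": 200, "name": "powershell.exe"},
    {"id": "e4", "type": "Mutex",    "pid": 300, "name": "Global\\constructed_mutex"},
    {"id": "e5", "type": "Network",  "pid": 300, "name": "203.0.113.10:443"},
    {"id": "e6", "type": "Network",  "pid": 300, "name": "203.0.113.11:8080"},
    {"id": "e7", "type": "File",     "pid": 300, "name": "C:\\Users\\Public\\dropped.tmp"},
    {"id": "e8", "type": "Registry", "pid": 200, "name": "HKCU\\Software\\Constructed"},
]


@dataclass
class ProcessNode:
    event_id: str
    pid: int
    ppid: int
    name: str
    children: list = field(default_factory=list)
    # Non-process events grouped by type, as the hierarchy view groups them.
    related: dict = field(default_factory=lambda: defaultdict(list))


def build_tree(events):
    """Index Process events by pid, link parents to children, and attach the
    Mutex/Network/File/Registry events to the process that raised them."""
    nodes = {}
    for ev in events:
        if ev["type"] == "Process":
            nodes[ev["pid"]] = ProcessNode(ev["id"], ev["pid"], ev["ppid"], ev["name"])
    roots = []
    for node in nodes.values():
        parent = nodes.get(node.ppid)
        if parent is None:          # no recorded parent: this is a tree root
            roots.append(node)
        else:
            parent.children.append(node)
    for ev in events:
        if ev["type"] != "Process":
            owner = nodes.get(ev["pid"])
            if owner is not None:   # events with no known process are skipped, not fatal
                owner.related[ev["type"]].append(ev)
    return nodes, roots


def owning_process(nodes, events, event_id):
    """Resolve any selected event (Process, Mutex, Network, ...) to its process node,
    so selecting a Network or Mutex event still shows the tree around its process."""
    ev = next(e for e in events if e["id"] == event_id)
    return nodes[ev["pid"]]


def related_events(nodes, events, event_id):
    """What the right pane would show for the selected event: the process, its
    parent, its children, and its related events grouped by event type."""
    node = owning_process(nodes, events, event_id)
    parent = nodes.get(node.ppid)
    summary = {
        "process": node.name,
        "parent": parent.name if parent else None,
        "children": [c.name for c in node.children],
    }
    for etype, evs in node.related.items():
        summary[etype] = [e["name"] for e in evs]
    return summary


def render(nodes, roots, events, selected_id):
    """Text rendering of the tree. The selected node is marked with '*' (the UI
    highlights it in blue) and grouped event types are listed under each process."""
    selected = owning_process(nodes, events, selected_id)
    lines = []

    def walk(node, depth):
        mark = "*" if node is selected else " "
        lines.append(f"{'  ' * depth}{mark} [Process] {node.name} (pid {node.pid})")
        for etype, evs in sorted(node.related.items()):
            names = ", ".join(e["name"] for e in evs)
            lines.append(f"{'  ' * (depth + 1)}  [{etype}] x{len(evs)}: {names}")
        for child in node.children:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    nodes, roots = build_tree(EVENTS)
    print("\n".join(render(nodes, roots, EVENTS, selected_id="e5")))
    print(related_events(nodes, EVENTS, "e5"))
```

Selecting the Network event `e5` highlights `powershell.exe`, because a Network or Mutex event is displayed as a connection of its process rather than as a node of its own; `related_events` returns the parent, children, and grouped events that the right pane would list for that node.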