Investigation and Response

Investigate incidents

Investigate incidents for active threats by malware name and malware family name. All the incidents detected on an asset are listed here. See the OS and host on which the incident was detected, the events detected, and other information at a quick glance.

Incident tab data list

To learn more about an incident, click the incident description and, in the Incident Details, view information such as the Timeline, Process Tree, Asset Details, etc. If the risk score is zero, the incident is considered non-malicious.

View the Incident Details

The incidents can also be remediated from the Incident Details. Navigate to the Timeline tab to view the timeline of the detected event and choose a remediation action if applicable.

Timeline actions in Incident Details

You can also take remediation action from the Process Tree tab.

Process Tree view in Incident Details

Hunting events

The Hunting tab has the following two sub-tabs:

- Current View: This tab lists all the events that are active on the assets.

- Historic View: This tab lists all the events registered and executed on the asset.

Search for events by event properties (1), jump to events that occurred in a certain time frame (2), group events by type (3), and view event details and asset details (4).

Check out our tutorial

The Event Details page lists more information for each event. Know more


Assets Monitored

Get up-to-date views of a selected asset's details, its events, and its incidents. Using the Quick Action menu, view the Asset Details, Event Details, and Incident Details.

Assets Datalist in Assets tab

You can also view assets that have active threats. In the Active Threats by Host tab, view details like asset score, number of infections, the malware family the threat belongs to, etc. at a glance.

List of active threats by host in Assets tab