The Analysis Chain displays object types and object relationships using the following
icons:

Object Rating

| Name | Description |
|---|---|
| First Observed Object | The first object in the Analysis Chain, suspected to be responsible for introducing the security threat to the target endpoint. This is often the entry point of a targeted attack. |
| Detection | Marks the detected threat that Worry-Free Services uses to create the Noteworthy Event |
| Normal Object | Marks objects that have been verified to not pose a threat. These are usually common system files. |
| Unrated Object | Marks objects that have not yet been rated |
| Suspicious Object | Marks objects that exhibit behaviors that are similar to known threats |
| Malicious Object | Marks objects that match a known threat |

Object Type

| Name | Description |
|---|---|
| Browser | Objects that are capable of displaying web pages, usually a web browser |
| Email client | Objects that can send and receive email messages, usually an email client or server |
| Email message | Objects identified through use of the Cloud App Security integration email correlation feature |
| File | Objects that are files on the disk |
| Network | Objects related to network connections or the Internet |
| Process | Objects that are processes running during the time of execution |
| Registry | Objects that are registry keys, entries or data |

Object Interaction

| Name | Description |
|---|---|
| Event | Indicates actions done by the object |
| Association | Indicates relationships between two objects |

Action/Result

| Name | Description |
|---|---|
| Deleted | Indicates that the threat was removed from the system |
| Blocked/Terminated/Quarantined | Indicates that an object was blocked, a process was terminated, or a file was quarantined |
| Action Unsuccessful | Indicates that the action taken on a malicious object was not successful |
| Cleaned | Indicates that an infected file was restored to normal and no longer poses a threat |