The screen provides details about a Noteworthy Event and allows you to perform further investigation on Noteworthy Objects. You can isolate or run an Aggressive Scan on the affected endpoint.

- Use the Status drop-down list to change the event status.
- Click Actions Taken to view a list of actions taken upon the event.
- Click and select Analysis Chain to export the Analysis Chain to a ZIP file.

The following table describes the sections of the screen:

| Information | Description |
|---|---|
| Indicator of Attack | Provides an overview of the Noteworthy Event. The following information may be included: |
| Recommended Actions | Lists possible actions you can take to mitigate the threat to your customer's environment if the Noteworthy Object is malicious. |
| Endpoint | Displays details about the endpoint that was investigated. |
| First Observed Object | Appears as the first object in the Analysis Chain, suspected of introducing the security threat to the target endpoint. |
| Security Threat | The detected threat that Worry-Free Services uses to create the Noteworthy Event. |
| Noteworthy Objects | Highlights objects in the chain that are possibly malicious, based on existing Trend Micro intelligence. The value counts the number of unique noteworthy objects in the chain. |
| Analysis Chain | Displays a visual analysis of the objects involved in an event. |
| Details Panel | Provides further information about selected objects. |