Investigate security events by reviewing detected transactions and indicators of compromise.
The Transactions and IOCs section provides information about transactions and indicators of compromise (IOCs)
from the Correlation Graph.
Transactions are listed in order of detection, with the oldest transactions first.
IOCs are listed by highest risk level first. IOCs with matching risk levels are then
listed in order of detection, with oldest detections first.
Click on a correlation line, internal host, external host, or other object in the
correlation graph to filter the transactions and IOCs to those related to the selected
line or object.
Some objects in a transaction or IOC allow you to take additional actions to investigate
the event. Hover over the actions icon (
) to view a list of available actions.
) to view a list of available actions.-
Focus: Focus on the item in the correlation graph.
-
Copy to clipboard: Copy the value to your clipboard.
-
Threat Connect: Open Trend Micro Threat Connect in a new browser tab with a query for this object.
-
DomainTools (WHOIS): Open DomainTools in a new browser tab with a query for this IP address or domain.
-
VirusTotal: Open VirusTotal in a new browser tab with a query for this object.