View objects and events using a dynamic and interactive visualization.
The Execution Profile offers a visualization of objects and events using a dynamic
and
interactive chain view instead of static analysis results. You can adjust the view
by expanding
or collapsing the chain to focus on the objects and events you want to investigate.
Click Save Progress to save the current view. Saved Execution Profiles generated directly from Observed Attack
Techniques or the Search app are only accessible using the provided URL.
The following table describes the elements that comprise the Execution Profile.
|
Element
|
Description
|
|
|
Left panels
|
Observed Attack Techniques
|
Lists the individual events detected in your environment and related
MITRE information
Click View event to further examine the event details in the Observed Attack Techniques app.
|
|
Endpoints
|
Lists the affected endpoints and highlighted objects of the alert
|
|
|
Graph
|
Chain view
|
Visualizes objects and events to facilitate an interactive investigation
Click any node to view the detailed profile and check related events of the object.
The initial analysis chain shows the most critical events as a baseline and allows
you to add more events to the chain if necessary.
|
|
Right tabs
|
Profile
|
Displays the details applicable to the selected object
|
|
Events
|
Displays the actions performed by the selected object
Expand each action to review the objects involved in the event and choose to dynamically
show them in or hide them from the chain view.
|
|
|
Sources
|
Displays the point of origin for the selected object, which is the
additional information not shown in the chain view
|
|