View objects and events using a dynamic and interactive visualization.
The Execution Profile offers a visualization of objects and events using a dynamic
and
interactive chain view instead of static analysis results. You can adjust the view
by expanding
or collapsing the chain to focus on the objects and events you want to investigate.
Click Save Progress to save the current view.
 |
NoteSaved Execution Profiles that you generated directly from Observed Attack Techniques
or the
Search app are only accessible using the provided URL.
|
The following table describes different elements that compose the Execution Profile.
|
Element
|
Description
|
|
|
Left panels
|
Observed Attack Techniques panel
|
Lists the individual events detected in your environment and related
MITRE information
You can click View event to further check the
event details in the Observed Attack Techniques app.
|
|
Endpoints panel
|
Lists the affected endpoints and highlighted objects of the alert
|
|
|
Graph section
|
Chain view
|
Visualizes objects and events to facilitate an interactive investigation
You can click any node to view the detailed profile and check related
events of the object. The initial analysis chain shows the most critical events as
a
baseline and allows you to add more events to the chain if necessary.
|
|
Right panels
|
Profile tab
|
Displays the details applicable to the selected object
|
|
Events tab
|
Displays the actions performed by the selected object
You can expand each action to check the objects involved in the event
and choose to dynamically show them in or hide them from the chain view.
|
|
|
Sources tab
|
Displays the point of origin for the selected object, which is the
additional information not shown in the chain view
|
|