The Insight-Based Execution Profile allows you to focus on objects and events across affected endpoints from a broader perspective, rather than on isolated, discrete alerts that may point to the same underlying root cause.
By correlating and grouping related alerts, the Insight-Based Execution Profile visualizes objects and events on multiple analysis chains to facilitate interactive investigation.
The following table describes the elements that make up the Insight-Based Execution Profile.
| Section | Element | Description |
|---|---|---|
| Left panels | Observed Attack Techniques panel | Lists the individual events detected in your environment and related MITRE information. You can click View event to further check the event details in the Observed Attack Techniques app. |
| Left panels | Endpoints panel | Lists the affected endpoints and highlighted objects from the associated alerts of the insight. |
| Graph section | Chain view | Aggregates multiple analysis chains that visualize objects and events for interactive investigations. You can click any node to view the detailed profile and check related events of the object. The initial analysis chain shows the most critical events as a baseline and allows you to add more events to the chain if necessary. |
| Graph section | Timeline view | Displays the events associated with an insight in chronological order. By default, only the first observed events of an insight are highlighted. You can use the right arrow to progress through the attack step-by-step. |
| Right panels | Profile tab | Displays the details applicable to the selected object. |
| Right panels | Events tab | Displays the actions performed by the selected object. You can expand each action to check the objects involved in the event and choose to dynamically show them in or hide them from the chain view. |
| Right panels | Sources tab | Displays the point of origin for the selected object, which is the additional information not shown in the chain view. |