The Insight-Based Execution Profile allows you to focus on objects and events across affected endpoints from a broader perspective, rather than isolated, discrete alerts that may point to the same underlying root cause.
By correlating and grouping related alerts, the Insight-Based Execution Profile visualizes
objects and events on multiple analysis chains to facilitate interactive investigation.
The following table describes the elements that comprise the Insight-based Execution
Profile.
|
Element
|
Description
|
|
|
Left panels
|
Observed Attack Techniques
|
Lists the individual events detected in your environment and related
MITRE information
Click View event to further examine the event details in the Observed Attack Techniques app.
Observed Attack Techniques only lists detection filters at Critical, High, and Medium risk levels based on the objects available in the current analysis chain.
|
|
Endpoints
|
Lists the affected endpoints and highlighted objects from the associated alerts of
the insight
|
|
|
Graph
|
Chain view
|
Aggregates multiple analysis chains that visualize objects and events for interactive
investigations
Click any node to view the detailed profile and check related events of the object.
The initial analysis chain shows the most critical events as a baseline and allows
you to add more events to the chain if necessary.
|
|
Timeline view
|
Displays the events associated with an insight in chronological order
Trend Vision One highlights only the first observed events of an insight. Use the right arrow (
 ) to progress through the attack step-by-step. |
|
|
Right tabs
|
Profile
|
Displays the details applicable to the selected object
|
|
Events
|
Displays the actions performed by the selected object
Expand each action to review the objects involved in the event and choose to dynamically
show them in or hide them from the chain view.
|
|
|
Sources
|
Displays the point of origin for the selected object, which is the
additional information not shown in the chain view
|
|