The Object Details tab displays the same information as the Root Cause Analysis tab, but presents the information as a table. It also organizes the objects into the following tabs:
- Objects: Objects involved in the execution of the matched object, grouped by their parent processes. Click ▶ to expand the list.
- Noteworthy events: Objects in the chain that are possibly malicious, based on existing Trend Micro intelligence
- File events: Objects in the chain that are files
- Registry events: Objects in the chain that are registry keys, data and entries
- IP address / DNS events: Objects that are IP addresses or DNS events
The table provides the following details:
| Column Name | Description |
|---|---|
| Recorded Object | Name of the recorded object. Click the object name to view more details. |
| PID | Process ID of the recorded object |
| Recorded | Date and time when the object became involved in the chain |
| Activity | Action done by the object. Click the object name to view more details. |
| Object Reputation | Rating assigned to the object based on Trend Micro intelligence. You can further examine objects with Malicious ratings in Threat Connect or VirusTotal. |
| Affected Endpoints | Number of endpoints where the object appears. Percentage of endpoints affected, based on the total number of endpoints on the network. Click the value to view more details about the endpoint. |
Use the following options to manage the table:
- On all tabs, select at least one object in the Recorded Object column, and click Start a Historical Investigation to start another investigation.
- On the Objects tab, click the filter icon to filter the table according to the specified criteria.
- On the File events tab, sort the table by clicking on the Recorded and Object Reputation columns.