The analysis chain shows object types using the following icons:

| Icon | Name | Description |
|------|------|-------------|
| | First Observed Object | Marks an object that most likely created the matched object |
| | Matched Criteria | Marks objects matching the investigation criteria |
| | Normal Object | Marks objects that have been verified to not pose a threat. These are usually common system files. |
| | Unrated Object | Marks objects that have not yet been rated |
| | Suspicious Object | Marks objects that exhibit behaviors that are similar to known threats |
| | Malicious Object | Marks objects that match a known threat |
| | Boot | Objects that launch during system startup |
| | Browser | Objects that are capable of displaying web pages, usually a web browser |
| | Email client | Objects that can send and receive email messages, usually an email client or server |
| | Email message | Objects identified through use of the Cloud App Security integration email correlation feature |
| | File | Objects that are files on the disk |
| | Network | Objects related to network connections or the Internet |
| | Process | Objects that are processes running during the time of execution |
| | Registry | Objects that are registry keys, entries or data |
| | Event | Indicates actions done by the object |
| | Association | Indicates relationships between two objects |