Analysis & Investigation
Last updated
This page allows users to investigate what is happening across the entire system. Right-clicking an entry opens the available actions, e.g., remediation, trusting the entry, adding the entry to a classification rule, etc.
The grids are grouped into the following main categories:
Windows Artifacts
Linux Artifacts
SIGMA & YARA
Threat Analytics
Communication & Collaboration
Windows Asset
Asset
Analysis
The most commonly used sections are summarized below:
Windows Autorun Analysis: This grid shows autorun data collected from all machines on the portal. Autorun entries are common persistence locations, so unknown or unsigned entries are worth reviewing first.
Windows Process Analysis: This grid shows collected process data from all machines on the portal.
Windows Macro Analysis: This grid shows macro file data collected from all machines on the portal. Data appears here when macro collection is enabled on the client machines or macro-enabled files are used on them.
Windows Event Log Analysis: This grid shows collected event log data from all machines on the portal.
Windows Sysmon Analysis: This grid shows Sysmon data collected from all machines on the portal. Sysmon records detailed system activity on Windows hosts (process creation, network connections, file and registry changes, and similar events); what is captured depends on the Sysmon configuration deployed to the machine.
Linux Artifacts: This section shows the collected Linux artifacts, separated into processes, users, crontabs, command history, authentication logs, and syslog messages. The entries are also classified by our classification engine.
SIGMA & YARA: This section shows the SIGMA and YARA scan results from the devices. Users with a Thor license can make the most of this grid.
Windows Object and Honeypot Access Analysis: This section shows the object access and honeypot access scan results from the devices. Users can also receive notifications and take action on object or honeypot access events.
Windows File Activity Analysis: This section shows the file activity analysis results. The agent tracks specific files and records the last event observed for each of them. Users can also receive notifications and take action on these events.
Windows Asset: This section provides a complete inventory analysis. The grids are Windows Applications, Windows Computer analysis, Windows Listening Ports, Windows Network Adapters, Windows Security Centers (antivirus and firewall), Windows Network Shares, Windows Adapter Tracking, Windows Update Analysis, Windows Hardware Summary, Windows Disk Drive Analysis, Windows System Drivers, Windows USB Drivers, Windows Asset Activity Tracking and Windows Login Activity Tracking. Users can disable network shares, delete applications, disable network adapters, etc. with these grids.
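As an added illustration of what the Windows Sysmon Analysis and SIGMA & YARA grids above put together, the following Python shows how a SIGMA-style rule is evaluated against Sysmon process-creation events. This is example code, not code from this product or from any scanner: the Sysmon records are constructed, both rules are hypothetical, and the mapping of the `process_creation` logsource category to Sysmon Event ID 1 is an assumption stated in the code.

```python
"""Minimal SIGMA-style matching over constructed Sysmon process-create events.

Added example, not part of the product documented on this page. Event records
and rules are constructed for illustration only.
"""

# Constructed Sysmon records reduced to the fields a SIGMA process_creation
# rule typically selects on. EventID 1 is ProcessCreate, EventID 3 is
# NetworkConnect (included to show the logsource filter at work).
SYSMON_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c "whoami"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "svchost.exe -k netsvcs",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationPort": 443},
]

# Hypothetical rules laid out like a SIGMA detection block (selections plus a
# condition). Values are illustrative, not a published rule.
RULE = {
    "title": "Office application spawning a shell",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_parent": {"ParentImage|endswith": ["\\WINWORD.EXE", "\\EXCEL.EXE"]},
        "selection_child": {"Image|endswith": ["\\cmd.exe", "\\powershell.exe"]},
        "condition": "selection_parent and selection_child",
    },
}

ENCODED_RULE = {
    "title": "Encoded PowerShell not launched from Explorer",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": " -enc "},
        "filter": {"ParentImage|endswith": "\\explorer.exe"},
        "condition": "selection and not filter",
    },
}

# Assumption: the category->EventID mapping used here mirrors how SIGMA
# backends map process_creation onto Sysmon for Windows.
CATEGORY_TO_EVENT_ID = {"process_creation": 1}


def _field_matches(event, key, expected):
    """One 'Field|modifier: value(s)' entry; a list of values is an OR."""
    field, _, modifier = key.partition("|")
    value = event.get(field)
    if value is None:
        return False
    value = str(value).lower()  # SIGMA string matching is case-insensitive
    for cand in (expected if isinstance(expected, list) else [expected]):
        cand = str(cand).lower()
        if modifier == "" and value == cand:
            return True
        if modifier == "contains" and cand in value:
            return True
        if modifier == "startswith" and value.startswith(cand):
            return True
        if modifier == "endswith" and value.endswith(cand):
            return True
    return False


def _selection_matches(event, selection):
    """All entries of a selection map must match (AND)."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def _eval_condition(tokens, results):
    """Evaluate 'a and not b or c' with precedence not > and > or (no parentheses)."""
    pos = 0

    def parse_or():
        nonlocal pos
        left = parse_and()
        while pos < len(tokens) and tokens[pos] == "or":
            pos += 1
            right = parse_and()
            left = left or right
        return left

    def parse_and():
        nonlocal pos
        left = parse_not()
        while pos < len(tokens) and tokens[pos] == "and":
            pos += 1
            right = parse_not()
            left = left and right
        return left

    def parse_not():
        nonlocal pos
        if tokens[pos] == "not":
            pos += 1
            return not parse_not()
        name = tokens[pos]
        pos += 1
        return results[name]

    return parse_or()


def matches(rule, event):
    """True when the event is in the rule's logsource and satisfies its condition."""
    wanted_id = CATEGORY_TO_EVENT_ID.get(rule["logsource"].get("category"))
    if wanted_id is not None and event.get("EventID") != wanted_id:
        return False
    det = rule["detection"]
    results = {name: _selection_matches(event, sel)
               for name, sel in det.items() if name != "condition"}
    return _eval_condition(det["condition"].split(), results)


def scan(rule, events):
    """Return the events that the rule fires on."""
    return [e for e in events if matches(rule, e)]


if __name__ == "__main__":
    for rule in (RULE, ENCODED_RULE):
        hits = scan(rule, SYSMON_EVENTS)
        print(f"{rule['title']}: {len(hits)} hit(s)")
        for hit in hits:
            print("  ", hit["ParentImage"], "->", hit["Image"])
```

The second rule shows why a grid entry can be absent even though the suspicious command line was collected: the `filter` selection excludes the Explorer-launched PowerShell, so only the rule's condition, not the raw Sysmon data, decides what is listed. Likewise, an event that Sysmon's own configuration never logged cannot be matched at all.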