Analysis & Investigation

This page lets you investigate what is happening across the entire environment. Right-click an entry to take action on it, e.g., remediate it, trust it, or add it to a classification rule.

The grids are grouped into seven main categories:

  • Threat Management

  • Vulnerabilities

  • Misconfigurations

  • External Exposure

  • Windows Asset

  • Windows Artefacts

  • Linux/macOS OSQuery

  • Other Assets

  • Identities

  • Uncategorised

The most commonly used sections are summarized below:

  • Windows Autorun Analysis: This grid shows autorun data collected from all portal machines.

  • Windows Process Analysis: This grid shows collected process data from all machines on the portal.

  • Windows Macro Analysis: This grid shows collected macro file data from all machines on the portal. If macros are enabled or used in files on the client machines, the data appears on this grid.

  • Windows Sysmon Analysis: This grid shows collected Sysmon data from all machines on the portal. Sysmon captures detailed system activity on the Windows machine.

  • Windows Sysmon Threat Analysis: This grid shows Sysmon data from all machines on the portal that has been collected and additionally analyzed for threats. Sysmon captures detailed system activity on the Windows machine.

  • Linux/macOS OSQuery: This section shows Linux and macOS artifacts, separated into processes, users, crontabs, command history, authentication logs, and Syslog messages. Each entry is also classified by the classification engine.

  • SIGMA & YARA: This section shows the SIGMA and YARA scan results from the devices. Users with a Thor license get the most out of this grid.

  • Windows Object and Honeypot Access Analysis: This section shows the object access and honeypot access scan results from the devices. With notifications enabled, users can also take action on object or honeypot access events.

  • Windows File Activity Analysis: This section shows the file activity analysis results. Specific files are tracked by the agent, which gathers information about the last event on each of them. With notifications enabled, users can also take action on these events.

  • Windows Asset: This section provides a complete inventory analysis.

  • Windows Hardening Results: This section shows misconfigurations compared against global benchmarks. Devices can be hardened with just a few clicks.

  • External Exposure: This section scans the provided domains and displays the scan results. Users can review the results and remediate manually.
