Forensics
Forensics analyzes attacks detected by other detection features and some third-party security products. On detection of a malicious event or file, Forensics is informed and a Forensics analysis is automatically initiated. After the analysis is completed, the full attack sequence is then presented as a Forensics Analysis Report.
The Forensics Analysis Report provides full information on attacks and suspicious behavior with an easy interface. The report includes:
-
Entry Point - How did the suspicious file enter your system?
-
Business Impact - Which files were affected and what was done to them?
-
Remediation - Which files were treated and what is their status?
-
Suspicious Activity - What unusual behavior occurred that is a result of the attack?
-
Incident Details - A full visual picture of the paths of the attack in your system.
Use the Forensics Analysis Report to prevent future attacks and to make sure that all affected files and processes work correctly.
To open a Forensics Report for an incident
-
Click the Endpoint Security menu and select Overview.
The Endpoint Security Main Page opens.
-
Click Anti-Ransomware, Behavioral Guard, and Forensics.
-
In the Analyzed cases table, click an Incident ID.
The Forensics Report opens in your browser.