Incidents - Forensics Trees
The Forensics trees shows a graphical representation of the forensic report generated by Harmony Endpoint for each detection in an insight.
|
|
Note - An insight can contain zero or multiple forensic trees. |
To view the Forensics Tree page:
-
Access Infinity XDR
Extended Detection & Response/XPR Extended Prevention & Response and click Incidents > Incidents. -
Click the incident title or hover over the incident and click >.
-
Click Attack graphs > Forensics trees.
|
Legend |
Description |
|---|---|
| 1 | Date and time when the insight was generated. Click to view the insights and forensics trees available for the incident. Click the forensics tree to view its graphical representation. |
| 2 | Insight An aggregation of one or more logs into valuable observations indicating the nature of the activity. summary. |
| 3 | Process involved in the insight. |
| 4 | Asset involved in the insight. |
| 5 | Goes to that start of the tree. |
|
6 |
Goes through the processes in the tree. |
|
7 |
Opens the graph legends. |