G DATA 365 | MXDR
Retracing incidents using the alert graph
When following up on complex incidents, it can be helpful to look at all the processes involved in detail. For this purpose, the alert graph is available in the G DATA Web Portal. It provides a visualized representation of each alert of the respective incident, showing which of the processes involved have triggered other processes.
Which process triggered other processes? What happened in which files on the system? Have changes been made in the Windows registry and, if so, what has changed there in detail? Was there any external communication and where to?
These questions can be analyzed in detail.
Interactions between the processes are displayed here. Furthermore, it is possible to view detailed information on the individual processes.
This includes:
- General process details
- File operations
- Operations in the Windows registry
- Network operations
The graph refers to the processes that belong to one alert, not to the processes of all alerts that belong to an incident!
You can access the alert graph from the incident overview screen either via the Timeline or the alert list.
Here you can find the documentation of the alert graph.