G DATA 365 | MXDR

Retracing incidents using the alert graph

When following up on complex incidents, it can be helpful to look at all the processes involved in detail. To ensure this the alert graph is available in the G DATA Web Portal. Here you will find a visualized representation of each alert of the respective incident, showing which processes involved have triggered other processes.

Which process triggered other processes? What happened in which files on the system? Have changes been made in the Windows registry and if so, what has changed there in detail? Was there any external communication and where to?
These questions can be analyzed in detail.

Interactions between the processes are displayed here. Furthermore, it is possible to view detailed information on the individual processes.
This includes:

General process details
File operations
Operations in the Windows registry
Network operations

The graph refers to the processes that belong to one alert, not to the processes of all alerts that belong to an incident!

You can access the alert graph from the incident overview screen either via the Timeline or the alert list.
Here you can find the documentation of the alert graph.