Information about alert processing results
The window showing information about a Detect processing result type event contains the following details:
- Tree of events.
  Displays the parent events and child events, and the links between them. The root node of the tree of events is the host whose events you are viewing.
  You can select events in the tree of events to view information about these events.
- On the Details tab, under Detect processing result:
  - Event time—Date and time of the event.
  - Detect—Name of the detected object. To find all events in which the object was detected, click the name of the object, then click Find events.
  - Last action—Last action taken on the detected object.
  - Host name—Name of the host on which the alert was generated.
  - User name—User account used to complete the action taken on the detected object.
  - Object type—Type of object (for example, a file).
  - Object name—Full name of the file in which the object was detected.
  - MD5—MD5 hash of the file in which the object was detected.
  - SHA256—SHA256 hash of the file in which the object was detected.
  - Detect mode—Scan mode in which the alert was generated.
  - Record ID—ID of the record of the alert in the database.
  - Databases version—Version of the database used to generate the alert.
- On the Details tab, under Parent process:
  - File—Path to the parent process file.
  - MD5—MD5 hash of the parent process file.
  - SHA256—SHA256 hash of the parent process file.
  - Process ID—Identifier of the parent process.
  - Launch parameters—Parent process startup settings.
- On the History tab, in the table:
  - Type is the type of the Detect processing result event.
  - Description—Description of the event.
  - Time is the date and time of the alert processing result.