Example

From the alert information, the analyst learns the following:

• Which registry key has been modified
• On which asset
• The name of the account used to modify the key

This information can be viewed in the details of the event that caused the alert (Alerts → R093_Modification of critical registry hives → Related events → event 2022-08-23 17:27:05), in the FileName, DeviceHostName, and SourceUserName fields respectively.