For each detection that has been made by Root-Cause Analysis and is displayed on a widget or in a table, you can view a threat development chain graph.
A threat development chain graph is a tool for analyzing the root cause of an attack. The graph provides visual information about the objects involved in the attack, for example, processes on a managed device, network connections, or registry keys.
To view a threat development chain graph:
The Root-Cause Analysis detection details window opens. The window contains a threat development chain graph and detailed information about the detection.
A threat development chain graph shows the following types of objects:
A graph is generated according to the following rules:
When you click any object on a graph, the area below shows detailed information about the selected object.
When you click a link in the SHA256, MD5, IP address, or URL fields in the detailed information about a file, you are taken to the Kaspersky Threat Intelligence Portal (https://opentip.kaspersky.com/). The portal brings together all of the knowledge that Kaspersky has acquired about cyberthreats into a single web service. It allows you to check any suspicious threat indicator, whether it is a file, file hash, IP address, or web address.