1 - General definition
Investigation is the process of examining the activity of endpoints (system, network...) within an IT estate in order to find malicious activity.
2 - Investigation with Nucleon
With the Nucleon platform, investigation lets you trace the execution flow of a malicious file in order to understand its behaviour on the system and network.
Investigation can be launched using two methods:
- From a Threat in the Overview tab:

- From a particular event in (Related events):


The red nodes correspond to blocked events, the orange ones to weak signals.
Each node can be clicked to display details of the event in question:
