Event Graph
In addition to the textual information that is displayed (described above), the Event Graph tab provides an image depicting the flow of operating system events that led up to the connection establishment request or the attempt to lock data. The picture is shown as a timeline that reads from left to right, meaning that the leftmost process happened before the others. A circle can represent an operating system entity such as a process, a thread, a service, a file and so on. The white boxes represent the operation that was performed between the operating system entities, such as create, open, inject, connect and so on. Typically, the last (rightmost) circle is a connection establishment request or a file access. Each white box has a number attached to it that represents its position in the sequence of operations, along with the rules that were violated during that operation and the worst classification associated with that operation.
You can zoom in and zoom out using the buttons at the top right. The button fits the picture to the size of the window.