Flow Analyzer view
The Flow Analyzer view shows a graphical flow diagram, read from left to right, that depicts the history of what happened before the security event was triggered. Each node can represent a process, a thread or a service.
The arrows indicate the sequence of processes and specify the operation that was performed, such as Create, Inject, Open and so on. If multiple operations were performed between two processes, then multiple arrows are shown between them. If an operation was repeated several times in the same segment, it is represented by a dashed line.
Typically, the next-to-last node (second from the right) represents a connection request and specifies the IP address to which a connection was attempted. It can also represent an attempt by ransomware to lock or encrypt a file.
The rightmost node represents the action performed by FortiEDR, such as Log, Block, or Simulated Block.
The flow chart is interactive. Clicking on a specific node or arrow drills down to the Stack View (described in Stack view). This enables you to perform further investigation of the specific stack that was collected during that step.