Fortinet black logo

Administration Guide

Home FortiEDR/XDR 6.0.0 Administration Guide
6.0.0
6.2.0
6.0.0
5.2.1
5.2.0
5.1.0
5.0.0
4.2.0
4.1.1
4.1.0

Event Graph

Event Graph

In addition to textual information that is displayed (described above), the Event Graph tab provides an image depicting the process chain, such as connection establishment and data alteration, up to the action that was blocked.

The picture is shown as a timeline from left to right (meaning that the left process happened before the others). A circle can represent an operating system entity such as a process, a thread, a service, a file and so on. The white boxes represent the operation that was done between the operating system entities, such as create, open, inject, connect and so on. Each white box has a number attached to it, representing the sequence of operations, and also the rules that were violated during that operation, along with the worst classification associated with that operation.

At the top right, use the Investigation View button () to open a new window with a graphical and interactive view to further drill down the chain of activities involved in the event. Use the buttons to zoom in and zoom out,. Use the button to fit the picture to the size of the window.

Previous
Next

Event Graph

In addition to textual information that is displayed (described above), the Event Graph tab provides an image depicting the process chain, such as connection establishment and data alteration, up to the action that was blocked.

The picture is shown as a timeline from left to right (meaning that the left process happened before the others). A circle can represent an operating system entity such as a process, a thread, a service, a file and so on. The white boxes represent the operation that was done between the operating system entities, such as create, open, inject, connect and so on. Each white box has a number attached to it, representing the sequence of operations, and also the rules that were violated during that operation, along with the worst classification associated with that operation.

At the top right, use the Investigation View button () to open a new window with a graphical and interactive view to further drill down the chain of activities involved in the event. Use the buttons to zoom in and zoom out,. Use the button to fit the picture to the size of the window.

Previous
Next