Computer drilldown tab

Edoardo Gerosa edited this page May 31, 2020 · 1 revision

The computer drilldown tab provides an overview of all indicators for the selected virtual machine (host) within the specified timespan.

The Computer drilldown tab displays the following information:

  • Punchcard graph depicting all ATT&CK technique indicators per hour
  • Drilldown grids listing Sysmon activity matching ATT&CK techniques for the selected host covering:
    • Process create activity
    • Process access activity
    • File create activity
    • Image loaded activity
    • Network connections activity
    • Registry access activity
    • Pipe connected activity
    • DNS query activity
  • Grid listing raw Sysmon logs for the selected host

A higher definition picture of the Computer drilldown tab can be found here.