Select the Event Search option. Then from the Event Actions, select Show Associated Event Data (From TargetProcessld_decimal)

Select Full Detection Details from the detection

Right-click the process and select "Follow Process Chain"

Select the Process Timeline feature, enter the AID. Target Process ID, and Parent Process ID

45 Days

90 Days

Days

Quarantined files are not deleted

It allows for the automated decryption of files affected by ransomware.

It provides a standardized view of the attack lifecycle to help understand adversary behavior.

It enables the sensor to block kernel-level drivers from unknown publishers.

It provides a real-time count of the total number of files on the endpoint.

Falcon Intel via Intelligence Indicator - Domain

Machine Learning via Cloud-Based ML

Malware via PUP

Credential Access via OS Credential Dumping

Global (applies to all hosts in the environment)

Only the specific host where the file was originally quarantined

All hosts within the same host group as the source host

All hosts running the same operating system version

Activity

Investigate

Configuration

Dashboards

determine any network connections

review the processes involved with a detection

determine the origin of the detection

review information surrounding a hash's related activity

It allows a responder to upload a file to the cloud for detonating in a sandbox.

It allows for a summary view of the environment-wide presence of a given list of multiple hashes.

It allows an administrator to block a single hash across all machines.

It provides a detailed process tree for every execution of a single hash.

An existing process was terminated by the user.

A new process was created and started on the endpoint.

A process successfully established a network connection.

A process modified a sensitive registry key.

Machine Learning

Behavioral

Intelligence

Custom IOA