Step 4. Analyzing alert information
Step 4. Analyzing alert information
At this step, analyze the information about the alert to determine what data is required for further analysis of the alert.
Example From the alert information, the analyst learns the following:
This information can be viewed in the details of the event that caused the alert (Alerts → R093_Modification of critical registry hives → Related events → event 2022-08-23 17:27:05), in the FileName, DeviceHostName, and SourceUserName fields respectively. |
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.