ESET Online Help


Incident Graph

The incident graph displays an interactive node graph visualization of selected incidents, including detections, computers, executables, and a timeline of events. Right-click any node to open a context menu with actions for that node. Nodes can be moved and repositioned. Use the Graph menu for additional actions:

Fit—Center the graph to display all nodes.

Reset—Return all nodes to their initial positions.

Redraw—Refresh the graph information.

The screen's right side displays additional information for the selected graph element:

Incident—Comprehensive details about the incident.

Timeline—Shows time-stamped details of incident changes, highlighting the graph node for the selected timeline event. Check which items should be shown:

Threat indicators—Display threat indicators in the timeline if checked.

Behaviours—Show threat behaviors in the timeline if checked.

Analyst actions—List analyst actions in the timeline if checked.

Details—Comprehensive information about the selected element in the graph.

Process tree—Displays the position of the selected graph element in the process tree.

Related objects—Lists the objects related to the selected graph element.

See the Incident Graph example.

Graph elements

Nodes

Process—The node contains the process name and a PID.

Executable/Module

Command line

File

Link/URL

IP

Computer

User

User and Computer

A source node is the initial entity signaling suspicious activity and may have multiple circles around it. There can be multiple source nodes in a graph.

The node's color indicates the highest severity detection linked to it:

Blue—Informational

Yellow—Warning

Red—Threat

Lines

Lines between nodes represent detections linking them. Thicker lines indicate more detections. Numbers on the lines show detection counts (no number means one detection).
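The following Python snippet is an added example, not ESET code, that models the graph rules described on this page: a node's color comes from the highest-severity detection linked to it, and a line's label is the number of detections between two nodes (blank when there is exactly one). The detection records and their field names are constructed for illustration.

```python
from collections import Counter

# Severity order behind the node colors: Informational < Warning < Threat.
SEVERITY_RANK = {"Informational": 0, "Warning": 1, "Threat": 2}
SEVERITY_COLOR = {"Informational": "blue", "Warning": "yellow", "Threat": "red"}

# Constructed sample detections (not real telemetry); each one links two
# graph nodes. The field names "severity", "source", "target" are assumptions.
DETECTIONS = [
    {"severity": "Informational", "source": "explorer.exe (PID 1234)",
     "target": "powershell.exe (PID 4120)"},
    {"severity": "Warning", "source": "powershell.exe (PID 4120)",
     "target": "https://example.invalid/file"},
    {"severity": "Threat", "source": "powershell.exe (PID 4120)",
     "target": "unknown.exe"},
    {"severity": "Threat", "source": "powershell.exe (PID 4120)",
     "target": "unknown.exe"},
]


def node_severity(detections):
    """Highest severity among the detections linked to each node."""
    best = {}
    for d in detections:
        for node in (d["source"], d["target"]):
            current = SEVERITY_RANK.get(best.get(node), -1)
            if SEVERITY_RANK[d["severity"]] > current:
                best[node] = d["severity"]
    return best


def node_color(detections):
    """Map each node to the color the graph would draw it in."""
    return {n: SEVERITY_COLOR[s] for n, s in node_severity(detections).items()}


def line_counts(detections):
    """Detections per node pair; this count drives line thickness and label."""
    return Counter(frozenset((d["source"], d["target"])) for d in detections)


def line_label(count):
    """A single detection shows no number; more than one shows the count."""
    return "" if count == 1 else str(count)


def source_nodes(detections):
    """Simplifying assumption: a source node never appears as a target."""
    targets = {d["target"] for d in detections}
    return {d["source"] for d in detections} - targets
```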
