After automatically triaging an alert, Intezer Autonomous SOC generates an alert report. The results are divided into sections. Each section provides an additional layer of investigation.
Table of Contents
Main Summary
The top of the page shows a summary of Intezer's alert triage:
- Alert Verdict - Indicates the triaged verdict which is based on code reuse and analysis of other artifacts.
- Classification (Malware Family) - Specifies the threat classification based on code reuse findings. For example, a file could be classified as malware, administration tool, legitimate software or library.
- Recommended Actions - Specifies the recommended actions for your team to remediate or further investigate the triggered alert.
Automated Triage
This section contains any files related to the alert, together with the alert type, and calculated risk category. From here, you can review the analysis results from Intezer on individual files.
Response & Recommendations
This section provides information about the next actions to remediate and prevent these alert from future occurrences.
Alert Info
This section contains all the information retrieved from the EDR, such as mitigation status, OS version, process command line, etc.