Find the desired product help

Xcitium EDR

Xcitium EDR

Comodo EDR Admin Guide

English

Print Help

Download Help

Investigation > Process Timeline

Introduction To Comodo EDR
- Purchase Licenses
- Login To The Admin Console
The Admin Console
The Dashboard
MSP Dashboard
Add Endpoints To EDR
View Enrolled Endpoints
Manage EDR Policies
View Event Details On Endpoints
Alerts
Investigation
Appendix 1 - Default Comodo Security Policy Details
About Comodo Security Solutions

Process Timeline

The 'Process Timeline' shows all processes spawned by an event.

You can view the timeline in two ways:

Event Search

Auto-populate the event ID from the 'Event Search' results interface. Go to 'Investigation” > 'Event Search', select the time-period and click 'Search'. Under the 'Event List' section, click the process timeline icon beside an event in the 'Show column.

Alternatively, you can provide the event ID manually in the field to view its timeline.

Alerts

Go to 'Alerts' then click 'Show Alerts' in an Alert row. Under 'Events' section, click the process timeline icon beside an event in the 'Show column.

The timeline of the selected event will be displayed.

You can view the details in timeline or tree view.

Timeline View

By default, the timeline view of the event will be displayed:

The search time here indicates the processes that the event generated. The results are displayed for processes generated 30 minutes preceding and after the event. For example, for an event that started at 11.00.00, the results will displayed for processes generated by the event from 10.30.00 to 11.30.00.

The timeline of the event is shown at the top with date and time preselected.

The processes path initiated by the event is indicated by the down arrow.

The number beside a process name indicates the number of events generated by the process.

Click on a process to view process name, time-stamp, hash, path and verdict.

The event (created by the process) details are shown in the box below the process path.

The event types are color coded and displayed above the event details box.

Event details displays all event fields for that event type. The number of event fields displayed depends on the event type.

Tree View

You can view the process hierarchy in tree view. In the 'Process Timeline' screen, click 'Tree View' tab.

You can view the processes and event types with respective colors.

Use mouse to zoom in and zoom out. Click 'Reset Zoom' to default view

The number beside a process name indicates the number of events generated by the process.

Clicking on a process name will open the 'Event Search' screen with the event search box populated with the selected process parameters.

Our Products

Free Antivirus
Free Internet Security
Website Malware Removal
Free Anti-Malware
Anti-Spam (Free Trial)
Windows Antivirus
Antivirus for Windows 7
Antivirus for Windows 8
Antivirus for Windows 10
Antivirus for MAC
Antivirus for Linux

Free Endpoint Security
Free ModSecurity
Free RMM
Free Website Malware Scanner
Free Device Manager for Android
Free Demo
Network Security
Endpoint Protection
Antivirus for Android
Comodo Antivirus
Wordpress Security

Bootstrap CDN
Semantic UI CDN
Jquery CDN
CDN Plans
CDN
Free CDN

Enterprise

Patch Management Software
Patch Manager
Service Desk
Website Down
Endpoint Protection Solutions
Website Security Check
Remote Monitoring and Management
Website Security
Device Manager
ITSM
CRM
MSP
Android Device Manager
MDR Services
Ransomware Prevention
Managed IT Support Services
Free EDR

Free SSL Certificate

Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.