Using the Analyze page

NAVIGATION  Analyze

SECURITY  Datto EDR subscription with administrator- or analyst-level platform access

IMPORTANT  Specific retention periods apply to all record types in Datto EDR and Datto AV. For more information, refer to Datto EDR and Datto AV data retention policies.

The Analyze page is where you'll inspect scan results when hunting for forensic evidence of malicious activity. It enables you to deeply inspect individual hosts, processes, user accounts, and more.

This article describes the page's layout and functions.

Overview

  1. To access the Analyze page, in the top navigation menu, click Analyze.

  2. The data on this page is deduplicated: multiple process logs are consolidated into single lines so you can quickly scan through large volumes of collected telemetry.

    NOTE  If you have an aggregation from the last seven days that contains an alert, that alert will still appear in the report until the timestamp falls off the timeline. This includes "Compromised" alerts.

Good to know

The page also provides the following functions.

  • Click any header to sort the displayed records by the column's value.

  • Click any object or host name to open its summary detail page.