The Events table shows the events that are contained in investigations. A colored bar on the left border of each row indicates the event type.
| Column |
Description |
|---|---|
| Hostname |
The name of the host on which the event occurred. |
| Time |
The date and time that the event occurred. |
| Tagged Time |
The time that the event was tagged for this investigation. |
| Type |
The event type (filemod, regmod, netconn, modload, child process, fork, posix_exec, custom, crossproc, blocked, EMET). |
| Description |
Description of the event; for example, paths to files and registry elements that were modified, signature status, and hash values. |
| Search |
Opens the event in the Process Search page. See Overview of Process Search. |
| Analyze |
Opens the event in the Process Analysis page. See Process Analysis Page. |
