A single analysis might require the NSX Advanced Threat Prevention service to monitor multiple subjects.

For example, during a file analysis, the original application might launch multiple processes. Similarly, during a URL analysis, more URLs might be referenced and fetched.

In these cases, NSX Network Detection and Response generates the Analysis subjects overview widget, which provides a graphical representation of the relationships among the analysis subjects that the NSX Advanced Threat Prevention service monitored during the analysis.


The widget displays a node for each analysis subject. Two nodes are linked by an edge if the corresponding analysis subjects were found to interact during the analysis (for example, a process started another process).

On the left-hand side of the widget is a legend of activities that were observed during the analysis. Click the radio button next to an activity name to highlight the analysis subjects that displayed that specific activity. You can also select a set of activities.

Click a node to collapse the subsequent related nodes.

Double-clicking a node takes you to the section of the report that provides detailed information about the corresponding analysis subject.