Abstract
Despite constant efforts to improve automation for IT security incidents, analysts are often confronted with numerous alerts and have to make sure that they do not miss the most critical of them. The analysts need to decide quickly based on a plethora of information that is still incomplete. In real-world scenarios, this information often includes a tree of parent and child processes. We present an augmented visualisation of such a process tree, which not only shows the static hierarchy as previous ones do, but also conveys the temporal relation between processes, thus allowing the hierarchy and the time perspective of the process tree to be investigated at the same time. Furthermore, it makes additional process-related events collected by endpoint sensors accessible for a more complete view of process behaviour.