Analyzing incidents to understand attacks

Incidents in SES Evolution make it possible to thoroughly analyze the context in which attacks on agents occur, and to determine what these attacks consist of, where they come from and how they strike. To use this feature, your security policy must contain the built-in rule set "Stormshield - Audits of attack contexts". For more information, refer to the section Understanding built-in rule sets.

If the Execution flow hijacking protection mode blocks a malware program, analyzing the incident will reveal which file caused the malware to launch, and where the file came from.