ITDR
Viewing the Details Pane
On the Investigate page, you can click any element on the alert graph to view the details pane that shows all attacker activities on the system. The details pane is unique for each Zscaler ITDR object (Zscaler ITDR Admin Portal, Decoy Connector, Decoy Group, and Decoy) and attacker.
Zscaler ITDR Object Details Pane
The ITDR object details pane shows the ThreatParse rules triggered by attackers connecting to that object, along with the risk scores assigned to those attackers. This information enables security teams to prioritize the most pressing threats first and take the necessary actions to stop lateral movement.
Click View Extended Details to view an in-depth analysis of the attack activities carried out against the selected deception object. To learn more, see Viewing Extended Details.
Attacker Details Pane
The attacker details pane shows the risk score associated with the attacker, along with the first and last event timestamps. It also lists the ThreatParse rules triggered by the attacker and any triage incidents from the endpoint, if available.
When events are discovered, you can take immediate actions. Click Actions to contain, block, or delete threats. You can also mark an attack as safe.
Click View Extended Details to view an in-depth analysis of the attacker’s activity. To learn more, see Viewing Extended Details.