Analysis relationships widget

A single analysis may require the VMware NSX Network Detection and Response analysis backend to monitor multiple subjects. For example, during a file analysis, multiple processes may be launched by the original program; similarly, during a URL analysis, multiple additional URLs may be referenced and fetched.

In this case, the Analysis subjects overview widget is generated. It provides a graphical representation of the relationship of each analysis subject that was monitored during the analysis.

Relationship of each analysis subject

The widget displays a node for each analysis subject. Two nodes are linked by an edge if the corresponding analysis subjects were found to interact during the analysis (for example, a process started another process).

On the left-hand side of the widget is a legend of activities that were observed during the analysis. Click the radio button next to an activity name to highlight the analysis subjects that displayed that specific activity. You can also select a set of activities.

Click on a node to collapse the subsequent related nodes.

Double-click on a node to jump to the section of the report that provides detailed information about the corresponding analysis subject.