Indications of compromise (IOCs) are complex behavioral clues that are captured in real time across multiple computers, such as malicious file detection or a parent file repeatedly downloading a malicious file.
AMP for Endpoints analyzes devices with IOCs based on events observed over the last seven days. Devices considered to be at the highest risk are displayed at the top of the list to help security teams prioritize response.
Device trajectory shows activity on computers that have deployed the AMP for Endpoints Connector. It continuously tracks activity and communications on devices and at the system level. This helps you quickly understand root causes and the chronological history of events leading up to and after compromise.
File trajectory shows the complete lifecycle of each file in your environment, from the first time it was seen to the last, as well as all computers in the network that were affected. This gives you better visibility and reduces the time required to scope a malware breach.