A process has created a number of interesting (executable) files in one sequence. In addition to the event Subtype 'New Unapproved File to Computer', what other event subtype is likely to be associated with this sequence?
Review this result after executing a query in the Process Search page, noting the circled black dot: What is the meaning of the black dot shown under Tags?
An Enterprise EDR administrator sees the process in the graphic on the Investigate page but does not see an alert for this process: How can the administrator generate an alert for future hits against this watchlist?