Getting the Most out of RTG
- Run to ground is best when performed on rare, suspicious, or malicious files. Avoid selecting files that are well known to be non-malicious or trusted.
- Run to ground cannot be performed on common files (files found across a high number of assets).
- Original objects and variants are already known and detected; the goal of RTG is to also find other objects from the close sightings that may be related.
- When you find an interesting sighting, pivot to a new run to ground of that sighting to continue your investigation: right-click an object sighting within the table to open the context menu, then select “run to ground”.