Getting the Most out of RTG

  • Run to ground is best performed on rare, suspicious, or malicious files. Avoid selecting files that are well known to be non-malicious or trusted.
  • Run to ground is best performed when the file has sightings on fewer than 50 assets.
  • The original objects and their variants are already known and detected; the goal of RTG is to find other objects among the close sightings that may be related to them.
  • When you find an interesting sighting, pivot to a new run to ground of that sighting to continue your investigation: right-click an object sighting within the table to open the context menu and select “run to ground”.
  • Run to ground can only be performed on hashes found within your environment. Global hashes that are not present in your environment, and virtual sightings, cannot be selected for run to ground.