This tool is used by SOC (Security Operation Center) employees to identify suspicious activity occurring on endpoints as part of incident investigation, Threat Hunting, and search for suspicious processes. The Keeper ZT system collects and logs PC activity online.

Moreover, the history graph of Keeper ZT processes allows you to determine the time of increased resource consumption at the workstation, which can also indicate the possible activity of malicious software such as cryptocurrency miners, encryptors, or other potentially unwanted activity of various software.

The history of processes keeps track of all processes that were started, with detailed information about the time, the execution path of the process, the parent, and other useful data.