A lineage can be thought of as a tree that has a common root node. If a node does not lead up to the common root, it is a separate lineage. The example tree structure shows a single lineage with multiple triggering events within the same lineage. Two more encoded command events are added to the incident. For each of these triggering events, Symantec EDR creates a parent lineage. Triggering events launch multiple children. The following diagram shows the visual representation.
The following screen shot shows the corresponding Events Summary view in the EDR appliance console.