Affected Users

Clicking a threat name in the Security Threats (User) or Security Threats (Endpoint) screen opens the Affected Users screen displaying a list of unique users affected by the threat.



The major user interface elements in the screen are as follows:

Number

Description

1

Security threat affecting one or several users

2

Affected users and the nature of detection (Recently detected or Previously undetected), represented by icons

The nature of a detection is represented by a specific color. Refer to the legend before the Assess Impact button to see what each color represents.

If a user has detections similar to others users, a number displays below the user name. Mouseover the user name to view all affected users.

3

Button for initiating impact assessment on security threats

Impact assessment on security threats requires Deep Discovery Endpoint Sensor and Deep Discovery Inspector. Both these products use Retro Scan to perform the assessment.

If only one of these products is registered to Control Manager, a partial impact assessment will be performed.

After the assessment, the graph will be updated with a list of previously undetected threats. These are stealthy and sophisticated threats that have previously evaded detection.

4 and 5

Time filter used for controlling the number of affected users shown

6

Table with details about affected users

Click a value in the User Name or Host Name column to view security threats on the user's endpoint.

7

Tab with general information about the security threat