Security Threats on Endpoints

The Threats tab on the Endpoint information screen allows you to view all security threats detected on a specific endpoint.

You can access this screen from the Endpoints with Threats widget on the Dashboard > Summary tab or the Affected Users screen on the Control Manager console.

  • Task: Allows you to Assign tags, or Isolate or Restore connections to the endpoint.

    For more information, see Assessing Impact on Affected Users and Isolating Endpoints.

  • Security Threats Over Time: Provides a graphical representation of threat information based on the time of the detection and whether the detection occurred on an assigned endpoint or the user's account

    • Hover over a threat icon (for example, ) to view details about the detection.

    • Change the displayed time interval by changing the Zoom value.

    • Change the end date by scrolling through the dates displayed under the graph.

    • Apply filters by clicking the funnel icon () and selecting the following criteria and using the OR or AND operators to build advanced filters.

      • Threat type: Select a threat category from the second drop-down list

      • Security threat: Type a malware name or suspicious URL, IP address, or sender email address

      • Threat status: Select Resolved by product, Action required, or Resolved manually

  • Security Threat Details: Provides more detailed information about the threats displayed on the Security Threats Over Time graph

    • Click a value in the Security Threat column to view the Affected Users screen.

      For more information, see Affected Users.

    • Click View link in the Details column to view detailed information.

    • Click a flag icon in the Threat Status column () to change the threat status for threats that require remediation.

      Note:

      Changing the threat status for a threat does not actually resolve the threat. The threat status is a case handling tool to help administrators track identified threats and indicate to other administrators that a threat has been resolved.

      Threat Status

      Description

      Resolved by product ()

      Indicates that the threat has been resolved by a managed product

      Note:

      You cannot change this threat status.

      Action required ()

      Indicates that remediation is required

      Click the Action required icon () to change the threat status to Resolved manually ().

      Resolved manually ()

      Indicates that remediation has been performed by an administrator

      Click the Resolved by product icon () to change the threat status to Action required ().