Procedure

1. Go to either the Watch List or High Risk Hosts tab and click the host to investigate.
   The time-series line graph to the right plot is populated with the threat count on that host by threat type and for a particular time period (past 24 hours, 7 days, and 30 days).

   Note Threat types include known malicious content, malicious behavior, suspicious behavior, exploit, and grayware. For known malware and exploits, all detections are counted in the graph. For malicious behavior, suspicious behavior, and grayware, only those that are considered high risk are displayed in the graph. If you select Past 24 hours and the current time is 4:15 pm, the graph shows the threat count for each threat type from 5:00pm of the previous day to 4:00pm of the current day.

2. Click a data point in the graph.
   The Detection screen with detailed threat information opens.