The Threats tab on the Endpoint information screen allows you to view all security threats detected on a specific endpoint.
You can access the Threats tab on the Endpoint information screen from the following locations:
  • Endpoints with Threats widget: Click a count in the Threats column
    For more information, see Endpoints with Threats Widget.
  • Endpoint Details screen: Click a count in the Threats column
    For more information, see Endpoint Details.
  • Affected Users tab on the Security Threat screen: Click an endpoint name in the Host Name column
    For more information, see Affected Users.
  • Task: Allows you to Assign tags, or Isolate or Restore connections to the endpoint.
    For more information, see Isolating Endpoints.
  • Security Threats Over Time: Provides a graphical representation of threat information based on the time of the detection and whether the detection occurred on an assigned endpoint or the user's account
    • Hover over a threat icon (for example, the malware icon) to view details about the detection.
    • Change the displayed time interval by changing the Zoom value.
    • Change the end date by scrolling through the dates displayed under the graph.
    • Apply filters by clicking the funnel icon and selecting from the following criteria. Use the OR or AND operators to build advanced filters.
      • Threat type: Select a threat category from the second drop-down list
      • Security threat: Type a malware name or suspicious URL, IP address, or sender email address
      • Threat status: Select Resolved by product, Action required, or Resolved manually
  • Security Threat Details: Provides more detailed information about the threats displayed on the Security Threats Over Time graph
    • Click a value in the Security Threat column to view the Affected Users screen.
      For more information, see Affected Users.
    • Click the View link in the Details column to view detailed information.
    • Click a flag icon in the Threat Status column to change the threat status for threats that require remediation.
      Note: Changing the threat status for a threat does not actually resolve the threat. The threat status is a case handling tool to help administrators track identified threats and indicate to other administrators that a threat has been resolved.
      Threat Status: Description
      • Resolved by product: Indicates that the threat has been resolved by a managed product
        Note: You cannot change this threat status.
      • Action required: Indicates that remediation is required
        Click the Action required icon to change the threat status to Resolved manually.
      • Resolved manually: Indicates that remediation has been performed by an administrator
        Click the Resolved by product icon to change the threat status to Action required.