Security Threats (User)

View security threats detected on all endpoints owned by a user.

There are several ways to access this screen. The recommended way is to go to the Users with Threats widget on the dashboard and click a value representing the number of threats detected on all the endpoints owned by a user.

The major user interface elements in the screen are as follows:




User with endpoints that have security threats


Endpoints that the user owns (represented by a monitor icon) and the user (represented by a person icon)

By default, the host name of an endpoint and the domain name of the user display next to the icons. Click the gray arrow to show or hide the host and domain names.


Security threats detected on the endpoints, represented by icons

Mouse over an icon to view threat details.

  • Application violation

  • Behavior Monitoring violation

  • C&C callback

  • DLP incident

  • Content violation

  • Firewall violation

  • Intrusion Prevention event

  • Network content violation

  • Phishing email

  • Suspicious object

  • Web violation

  • Multiple events

4 and 5: Filter used for controlling the number of detected security threats within a certain time range


Table with details about the security threats

Critical threats are shaded light red for easy recognition.

To display details, do one of the following:

  • Click a value in the Security Threat column to view users affected by the threat.

  • Click a value in the Details column to view a log entry.