Affected Users

The Affected Users tab on the Threat Information screen allows you to view the users that a specific threat targeted across your network.

You can access this screen from the Security Threats tab on the User or Endpoint screens by clicking a threat name in the table.

  • Unique Affected Users Over Time: Provides a graphical representation of which users the threat affected and the time of the detection

    • Click Assess Impact to perform a detailed log analysis and determine if the threat existed on an endpoint but was previously undetected.


      Performing an impact assessment from the Threat Information screen requires registering both Endpoint Sensor 1.5 (or later) and Deep Discovery Inspector 3.8 (or later) to Control Manager.

      For more information, see Assessing Impact on Affected Users.

    • Hover over a user icon to view all users affected by this specific threat and its detection history in your environment

      • Recently detected: The threat detection occurred during scanning

      • Previously undetected: The threat detection occurred during an impact assessment analysis of log data

    • Change the displayed time interval by changing the Zoom value.

    • Change the end date by scrolling through the dates displayed under the graph.

  • Details: Provides more detailed information about the threats displayed on the Unique Affected Users Over Time graph