Analyzing Impact on Affected Users

You can perform a historical impact analysis of security threats in your environment from the Affected Users tab on the Security Threats screen in Apex Central.

Apex One Endpoint Sensor analyzes the impact of suspicious files, IP addresses, and domains in your environment by contacting agents and performing a historical scan of the agent logs to determine if the suspicious objects have affected your environment for a period of time without detection.


Impact analysis requires a valid Apex One Endpoint Sensor license. Ensure that you have a valid Apex One Endpoint Sensor license and enable the Enable Sensor feature for the appropriate Apex One Security Agent or Apex One (Mac) policies.

For more information, see the Apex Central Widget and Policy Management Guide.

  1. On the Apex Central console, go to Dashboard.
  2. On the Users with Threats or Endpoints with Threats widgets, click a number.
  3. On the screen that appears, click a Security Threat name in the Security Threat Details table.

    The Affected Users screen appears.

  4. Click Analyze Impact.

    Endpoint Sensor scans historical network traffic and logs for any detections of the suspicious object.

    For more information, see Preliminary Investigations in Endpoint Sensor.