The Threats tab on the Endpoint information screen allows you to view all security threats detected on a specific endpoint.
You can access the Threats tab on the Endpoint information screen from the following locations:
Endpoints with Threats widget: Click a count in the Threats column
For more information, see Endpoints with Threats Widget.
Endpoint Details screen: Click a count in the Threats column
For more information, see Endpoint Details.
Affected Users tab on the Security Threat screen: Click an endpoint name in the Host Name column
For more information, see Affected Users.
Task: Allows you to Assign tags, or Isolate or Restore connections to the endpoint.
For more information, see Isolating Endpoints.
Security Threats Over Time: Provides a graphical representation of threat information based on the time of the detection and whether the detection occurred on an assigned endpoint or the user's account
Hover over a threat icon (for example, ) to view details about
the detection.
Change the displayed time interval by changing the Zoom value.
Change the end date by scrolling through the dates displayed under the graph.
Apply filters by clicking the funnel icon () and selecting the
following criteria and using the OR or
AND operators to build advanced filters.
Threat type: Select a threat category from the second drop-down list
Security threat: Type a malware name or suspicious URL, IP address, or sender email address
Threat status: Select Resolved by product, Action required, or Resolved manually
Security Threat Details: Provides more detailed information about the threats displayed on the Security Threats Over Time graph
Click a value in the Security Threat column to view the Affected Users screen.
For more information, see Affected Users.
Click View link in the Details column to view detailed information.
Click a flag icon in the Threat Status
column () to
change the threat status for threats that require remediation.
Changing the threat status for a threat does not actually resolve the threat. The threat status is a case handling tool to help administrators track identified threats and indicate to other administrators that a threat has been resolved.
Threat Status |
Description |
---|---|
Resolved by product ( |
Indicates that the threat has been resolved by a managed product Note:
You cannot change this threat status. |
Action required ( |
Indicates that remediation is required Click the Action
required icon ( |
Resolved manually ( |
Indicates that remediation has been performed by an administrator Click the Resolved by
product icon ( |