Infected Host Details
Access this page by clicking on the host IP from the Hosts page.
Use the host details page to view in-depth information about
current threats to a specific host by time frame. From here you can
change the investigation status and the blocked status of the host.
The information provided on the host details page is as follows:
Table 25: Threat Level Definitions
Threat Level | Definition |
---|---|
0 | Clean; no action is required. |
1–3 | Low threat level. Recommendation: Disable this host. |
4–6 | Medium threat level. Recommendation: Disable this host. |
7–10 | High threat level. Host has been automatically blocked. |
- Host Status—Displays the current state by threat
level, which could be any of the levels described in the table above.
- Investigation Status—The following states of investigation
are available: Open, In progress, Resolved - false positive,
Resolved - fixed, and Resolved - ignored.
- Policy override for this host—The following options
are available: Use configured policy (not included in infected hosts
feed), Always include host in infected hosts feed, Never include host
in infected hosts feed.
Note: The blocked status changes in relation to the investigation
state. For example, when a host changes from an open status (Open
or In Progress) to one of the resolved statuses, the blocked status
is changed to allowed and the threat level is brought down to 0. Also,
when the investigation status is changed to resolved, an event is
added to the log at the bottom of the page.
- Host threat level graph—This is a color-coded graphical
representation of threats to this host displayed by time frame. You
can change the time frame, and you can slide the graph backward or
forward to zoom in or out on certain times. When you zoom in, you
can view individual days within a month.
- Expand time-frame to separate events—Use this check
box to stretch a period of time and see the events spread out individually.
- Past threats—The date and status of past threats
to this host are listed here. The time frame set previously also applies
to this list. The description for each event provides details about
the threat and the action taken at the time.