Infected Host Details
Access this page by clicking on the host IP from the Hosts page.
Use the host details page to view in-depth information about current threats to a specific host by time frame. From here you can change the investigation status and the blocked status of the host.
The information provided on the host details page is as follows:
Table 1: Threat Level Definitions
Clean; no action is required.
Low threat level. Recommendation: Disable this host.
Medium threat level. Recommendation: Disable this host.
High threat level. Host has been automatically blocked.
Host Status—Displays the current state by threat level, which could be any of the levels described in the table above.
Investigation Status—The following states of investigation are available: Open, In progress, Resolved - false positive, Resolved - fixed, and Resolved - ignored.
Policy override for this host—The following options are available: Use configured policy (not included in infected hosts feed), Always include host in infected hosts feed, Never include host in infected hosts feed.
The blocked status changes in relation to the investigation state. For example, when a host changes from an open status (Open or In Progress) to one of the resolved statuses, the blocked status is changed to allowed and the threat level is brought down to 0. Also, when the investigation status is changed to resolved, an event is added to the log at the bottom of the page.
Host threat level graph—This is a color-coded graphical representation of threats to this host displayed by time frame. You can change the time frame, and you can slide the graph backward or forward to zoom in or out on certain times. When you zoom in, you can view individual days within a month.
Expand time-frame to separate events—Use this check box to stretch a period of time and see the events spread out individually.
Past threats—The date and status of past threats to this host are listed here. The time frame set previously also applies to this list. The description for each event provides details about the threat and the action taken at the time.