Investigate incidents for active threats by malware name and malware family name. All the incidents detected on an asset are listed here. See the OS and host on which the incident was detected, the events detected, and other information at a quick glance.
To know more about an incident, click the incident description and, in the Incident Details, view information such as the Timeline, Process Tree, and Asset Details. If the risk score is zero, the incident is considered non-malicious.
The incidents can also be remediated from the Incident Details. Navigate to the Timeline tab to view the timeline of the detected event and choose a remediation action if applicable.
You can also take remediation action from the Process Tree tab.
The Hunting tab has the following two sub-tabs:
- Current View: This tab lists all the events that are active on the assets.
- Historic View: This tab lists all the events registered and executed on the asset.
Search for events by event properties (1), jump to events that occurred in a certain time frame (2), group events by type (3), and view event details and asset details (4).
The Event Details page lists more information for each event.
Get up-to-date views of a selected asset's details, its events, and its incidents. Using the Quick Action menu, view the Asset Details, Event Details, and Incident Details.
You can also view assets that have active threats. In the Active Threats by Host tab, view details such as the asset score, the number of infections, and the malware family the threat belongs to at a glance.