
Analyzing Detection Events

Threats Xplorer provides a wide variety of columns and filters to help you navigate through the events list. You can either select filters from the drop-down menu of a column or type in keywords that match your desired results.

[Image: Threats Xplorer columns]

To set a predetermined time interval or customize one, use the Detected on filter from the left side of the filters area and select one of the following options:

  • Last 24 hours

  • Last 7 days

  • Last 30 days

  • Custom

The available columns are:

Company

This column helps you filter detection events based on companies. You can select one or multiple companies and view the specific collection of events. You can also view events from all companies that you manage directly or from all companies you have access to by using the dedicated filters.

Category

This column classifies the identified threats using general categories such as files, emails, websites, processes, and others.

Details

This column provides specific information about the identified threat such as the path of the file or process, the web address of the website, the email subject, and more.

Action taken

This column presents the action taken on the threat as well as the number of occurrences. For example, using the available filters you can view items that were blocked, deleted, quarantined, or reported, among other actions.

Endpoint name

This column provides you with the name of the device where the detection occurred. You can search for a specific device by typing its name in the search bar of the filter.

Detected on

This column provides you with the exact time and date of the detection.

Command-line

In this section, you can find details about the command-line used in the detected threat, if any.

Threat type

This column presents the type of identified threat. You can find specific events using the corresponding filter. For more information about the available threat types, refer to the Glossary section.

IP

In this section, you can find the IP address of the device where the detection occurred.

Endpoint type

This column provides information about the device type, whether it is a server, workstation, container, or container host.

User

In this column, you can find the username that was used in the attack.

Detecting module

This section provides you with the name of the GravityZone module that identified the threat. For more accurate search results, use the available filters.

Detecting technology

This section provides information about the GravityZone technology used to identify the threat.

Threat name

This column presents the exact name of the identified threat.

Fileless attack

This column indicates whether the detection involved a fileless attack.

SHA256

You can use this column to find information about the hash of a file.

Note

The item count located above the columns on the left side of the page represents the total number of detection events matching the selected filters. Additionally, each event carries a number of occurrences that specifies how many times that event was detected.
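As an added example (not part of the Bitdefender documentation, and not GravityZone's export format), the following Python models a few constructed detection records with the columns described above and applies the Detected on presets, a column filter with drop-down or keyword matching, and the item count versus occurrences distinction from the Note. Field names and sample values are assumptions chosen to mirror the column names.

```python
"""Filter and count constructed detection records the way the Threats Xplorer
columns and the 'Detected on' filter are described. The record layout is an
assumption for illustration, not GravityZone's export format."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class DetectionEvent:
    company: str
    category: str
    details: str
    action_taken: str
    occurrences: int          # how many times this event was detected
    endpoint_name: str
    detected_on: datetime     # timezone-aware timestamp of the detection
    threat_type: str
    sha256: str


# Constructed sample events (not real detections). "now" is pinned so the
# time-window filters give reproducible results.
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_EVENTS = [
    DetectionEvent("Acme Corp", "File", r"C:\Users\a\Downloads\invoice.exe",
                   "Quarantined", 3, "WS-001", NOW - timedelta(hours=2),
                   "Malware", "a" * 64),
    DetectionEvent("Acme Corp", "Process", r"C:\Windows\System32\cmd.exe",
                   "Blocked", 1, "WS-002", NOW - timedelta(days=3),
                   "Suspicious activity", ""),
    DetectionEvent("Globex", "Website", "http://example.invalid/login",
                   "Blocked", 7, "SRV-010", NOW - timedelta(days=12),
                   "Phishing", ""),
    DetectionEvent("Globex", "Email", "Subject: Overdue payment",
                   "Reported", 2, "WS-020", NOW - timedelta(days=45),
                   "Malware", "b" * 64),
]

# The three preset intervals offered by the Detected on filter.
PRESET_WINDOWS = {
    "Last 24 hours": timedelta(hours=24),
    "Last 7 days": timedelta(days=7),
    "Last 30 days": timedelta(days=30),
}

# A constructed custom range: from 20 days ago up to 1 day ago.
CUSTOM_RANGE = (NOW - timedelta(days=20), NOW - timedelta(days=1))


def filter_detected_on(events, interval, now=NOW, custom=None):
    """Keep events whose Detected on timestamp falls inside the interval.
    `interval` is a preset name or "Custom" with a (start, end) tuple."""
    if interval == "Custom":
        if custom is None:
            raise ValueError("Custom interval requires a (start, end) tuple")
        start, end = custom
    else:
        start, end = now - PRESET_WINDOWS[interval], now
    return [e for e in events if start <= e.detected_on <= end]


def filter_column(events, column, *values, keyword=False):
    """Select by column: exact match against one or more drop-down values,
    or a case-insensitive substring match when keyword=True."""
    wanted = {v.lower() for v in values}

    def match(e):
        cell = str(getattr(e, column)).lower()
        if keyword:
            return any(v in cell for v in wanted)
        return cell in wanted

    return [e for e in events if match(e)]


def summarize(events):
    """Return (items, occurrences): the number of detection events left after
    filtering, and the total number of times those events were detected."""
    return len(events), sum(e.occurrences for e in events)


if __name__ == "__main__":
    recent = filter_detected_on(SAMPLE_EVENTS, "Last 7 days")
    acme_recent = filter_column(recent, "company", "Acme Corp")
    print(summarize(acme_recent))  # (2, 4): two items, four occurrences
```

The two numbers returned by `summarize` correspond to the item count above the grid and the occurrences carried per event: a single event that fired seven times still counts as one item.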

You can use the options available on the upper right side of the page to:

  • Remove the filters section located above the columns.

  • Select or deselect the main columns you want to view according to your needs.

  • Adjust the grid to a compact view.

  • Refresh the grid and display the latest events.

  • Clear all the selected and applied filters.

For an improved security analysis and overall accessibility, you can also access the Threats Xplorer page from the Executive Summary.