Bitdefender B2B Help Center

Threats Xplorer

Threats Xplorer is designed to give you greater visibility into the threats detected in your network. The feature centralizes detection events from multiple GravityZone technologies and classifies them by category, threat type, remediation action, and other attributes.

You can easily identify and analyze any event from your company over a specific time interval by using the available filters.


On the Threats Xplorer page, you can view the complete list of the detection events in your network. The grid displays the entries in reverse-chronological order, so the most recent events are always at the top.

Important

  • The presented data is directly correlated with the selected period, company, and license key.

  • The grid displays the detection events from the last 90 days.

The feature centralizes detection events from the following modules:

  • Antimalware

  • Network Protection

  • Storage Protection

  • Exchange Protection

  • Device Control

  • Firewall

Analyzing Detection Events

Threats Xplorer provides a wide variety of columns and filters to help you navigate through the events list. You can either select filters from the drop-down menu of a column or type in keywords that match your desired results.


To set a predetermined time interval or customize one, use the Detected on filter from the left side of the filters area and select one of the following options:

  • Last 24 hours

  • Last 7 days

  • Last 30 days

  • Custom

The available columns are:

Company 

This column helps you filter detection events based on companies. You can select one or multiple companies and view the specific collection of events. You can also view events from all companies that you manage directly or from all companies you have access to by using the dedicated filters.

Category

This column classifies the identified threats using general categories such as files, emails, websites, processes, and others.

Details

This column provides specific information about the identified threat such as the path of the file or process, the web address of the website, the email subject, and more.

Action taken

This section presents the action taken on the threat as well as the number of occurrences. For example, using the available filters you can view blocked, deleted, quarantined, or reported items, among others.

Endpoint name

This column provides you with the name of the device where the detection occurred. You can search for a specific device by typing its name in the search bar of the filter.

Detected on

This column provides you with the exact time and date of the detection.

Command-line

In this section, you can find details about the command-line used in the detected threat, if any.

Threat type

This column presents the type of identified threat. You can find specific events using the corresponding filter. For more information about the available threat types, refer to the Glossary section.

IP

In this section, you can find the IP address of the device where the detection occurred.

Endpoint type

This column provides information about the device type, whether it is a server, workstation, container, or container host.

User

In this column, you can find the username that was used in the attack.

Detecting module

This section provides you with the name of the GravityZone module that identified the threat. For more accurate search results, use the available filters.

Detecting technology

This section provides information about the GravityZone technology used to identify the threat.

Threat name

This column presents the exact name of the identified threat.

Fileless attack

This column provides details about the existence of a fileless attack.

SHA256

You can use this column to find information about the hash of a file.

Note

The item count shown above the columns, on the left side of the page, is the total number of detection events that match the selected filters. Additionally, you can find the number of occurrences, which specifies how many times an event was detected.

You can use the options available on the upper right side of the page to:

  • Remove the filters section located above the columns.

  • Select or deselect the main columns you want to view according to your needs.

  • Adjust the grid to a compact view.

  • Refresh the grid and display the latest events.

  • Clear all the selected and applied filters.

For improved security analysis and overall accessibility, you can also access the Threats Xplorer page from Executive Summary.

Using Smart Views

Smart Views is focused on adding a new level of personalization in Threats Xplorer. You can now create your own customized views or use predefined ones and quickly switch between them as needed.  

In a single view, you can customize filters and time intervals, add or remove columns, and resize them.


Smart Views provides you with a set of useful standard views with predefined filters, columns, and time intervals:

  • General view provides you with the default filters and columns.

  • Hybrid detections view filters different threats proactively detected by multiple GravityZone technologies.

  • Policy rule-based detections view organizes all events triggered by policy rule violations. 

  • Device Control activity view shows threats proactively detected by the Device Control module.

You can use any standard view as is or temporarily modify it to suit your needs. You can also clone a view or use it as a template to create your own. 

Note

  • Standard views and their changes can be saved only as new views.

  • The GravityZone console retains the selected view, even if you leave the section or log out, until you switch to another view yourself. This way, you can always pick up where you left off and analyze the security events of interest.

Creating custom views

  1. Choose a standard view.

  2. Personalize according to your needs:

    • Select, apply and add different filters.

    • Add or remove columns from the right-side panel.

    • Use the Discard changes button from the upper right corner of the page to undo your selections if necessary.

  3. Save your changes using the Save as button from the upper right corner of the page.

  4. Enter a name for the view and click Save. You can find the new view in the Custom section.

Editing custom views

You can edit a custom view at any time. Note that you need to save your changes after applying them.

To edit a custom view:

  1. Choose a custom view.

  2. Personalize according to your needs. Use the Discard changes button to undo your selections if necessary.

  3. Save your changes using the Save button from the upper right corner of the page.

Renaming and deleting custom views

To delete or rename a custom view, click the corresponding vertical ellipsis in the views panel and select the action.


Exporting Detection Events

Threats Xplorer lets you access and manage the centralized data outside GravityZone Control Center. The export functionality helps you import the detection events into other software programs tailored for your business.

To save detection events on your computer as a CSV file:

  1. Click Export CSV from the upper right side of the Threats Xplorer page.

  2. Depending on your browser settings, the file may be downloaded automatically to a default download location, or a download window will appear, where you must specify the destination folder.  

    A pop-up notification on the Threats Xplorer page will inform you when the export is complete.

The saved file contains all the detection events corresponding to your filtering selection.

Note

You can export up to 500.000 detection events at a time.
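
Once exported, the CSV can be triaged outside Control Center. The following is an added example, not Bitdefender code: it finds file hashes detected on more than one endpoint and lists events whose action may need follow-up. It assumes the CSV header names match the grid column names described above and that "reported" marks an item that was detected but not remediated; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The header names are assumed to match the grid
# column names; hashes, hosts and threat names are placeholders.
SAMPLE_EXPORT = """\
Endpoint name,Detected on,Threat type,Threat name,Action taken,SHA256
WS-001,2024-01-10 09:12,Malware,Constructed.Threat.A,Quarantined,HASH_A
WS-002,2024-01-10 09:40,Malware,Constructed.Threat.A,Reported,HASH_A
SRV-01,2024-01-11 14:03,Malware,Constructed.Threat.B,Deleted,HASH_B
WS-002,2024-01-11 15:20,Malware,Constructed.Threat.A,Blocked,hash_a
WS-003,2024-01-12 08:00,Exploit,Constructed.Threat.C,Blocked,
"""


def load_events(text):
    """Parse exported CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def hashes_on_multiple_endpoints(events, min_endpoints=2):
    """Map each SHA256 to the endpoints it was detected on, keeping only
    hashes seen on at least min_endpoints distinct devices."""
    seen = defaultdict(set)
    for ev in events:
        sha = (ev.get("SHA256") or "").strip().lower()
        if sha:  # rows without a file hash are skipped
            seen[sha].add(ev["Endpoint name"].strip())
    return {s: sorted(h) for s, h in seen.items() if len(h) >= min_endpoints}


def events_needing_review(events, review_actions=("reported",)):
    """Return events whose action is in review_actions (assumed here to mean
    the item was detected but not blocked, deleted or quarantined)."""
    wanted = {a.lower() for a in review_actions}
    return [ev for ev in events
            if (ev.get("Action taken") or "").strip().lower() in wanted]


if __name__ == "__main__":
    events = load_events(SAMPLE_EXPORT)
    print(hashes_on_multiple_endpoints(events))
    for ev in events_needing_review(events):
        print(ev["Endpoint name"], ev["Threat name"], ev["Action taken"])
```

To run it on a real export, read the file with `open(path, newline="", encoding="utf-8-sig")` and adjust the column names if the export's header row differs.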