Hosts list

The Hosts list shows those hosts that meet the criteria of the selected filters (Filter shortcuts and/or Filters) and displays the corresponding threat levels. If no filters have been selected, all hosts in your network are displayed.

The quick search field above the list provides fast, as-you-type search. It filters the rows in the list, displaying only those rows that have text, in any field, that matches the query string.

Note:

If the list is very long, the quick search only scans the first 1,000 entries and may return incomplete results. The total results returned is displayed at the top of the list.

Use the Select pull-down menu for a fine-tuned selection. Its options allow you to select All visible messages or to Clear selection. You can also click the checkbox icon in the title row to select all visible hosts.

You can apply/remove host tags on blocks of hosts:

  • Select one or more hosts and then click the Add tag button to add a tag with the Add host tag pop-up. If no hosts are selected, the button is inactive.

  • Select one or more hosts and then click the Remove tag button to remove an existing tag with the Remove host tag pop-up. If no hosts are selected, the button is inactive.

Customize the number of rows to be displayed. The default is 20 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

Each row is a summary of a host. Click anywhere on an entry row to access the Host summary sidebar. To select a host row, click the checkbox icon.

The list includes the following fields:

Impact

Active threats on the host are denoted with the flame (active threat) icon.

The impact value indicates the critical level of the detected threat and ranges from 1 to 100:

  • Threats that are 70 or above are considered to be critical.

  • Threats that are between 30 and 69 are considered to be medium-risk.

  • Threats that are between 1 and 30 are considered to be benign.

IP

The IP address of the host. Click the link to filter the host list by the IP address.

Host name

The name or label of the host. The host name may be truncated if it is too long. Hover your mouse over the name to see the full text in a pop-up.

Sensor

The Sensor that detected the incidents affecting this host.

Threats

Displays the name of the top detected security risk and the number of threats detected on the host. If the name has a tag icon, you can click it for a pop-up description of the threat.

Threat activity

Timestamps from when the first event and last event comprising this incident was seen.

Device type

The first detected device type for the host. Device may be a Endpoint, Laptop, Phone, Server, etc. A number indicates if multiple devices were detected.

OS

The detected operating system for the host. A host may have multiple operating systems.

Campaigns

The bug icon indicates the number of campaigns the host is part of.

Tags

Displays any tags assigned to the host. A number indicates if multiple tags were assigned. Hovering over a tag or tag count will display all the tags.

Add host tag pop-up

The Add host tag pop-up displays the number of hosts selected. In the textbox, enter a tag, then click Add tag. You can also select a system-defined tag or another existing tag.

In the Activity block, the pop-up reports the success or failure of the request.

Click Close to dismiss the pop-up.

Remove host tag pop-up

The Remove host tag pop-up displays the number of hosts selected. In the textbox, select a tag from the pull-down menu or enter an existing tag, then click Remove tag.

In the Activity block, the pop-up reports the success or failure of the request.

Click Close to dismiss the pop-up.