Network interaction sidebar

To expand the Network interaction sidebar, click the IP address or domain name link of a specific host in the Network interactions & network IOCs column of the Threats tab. Click the close icon to close the sidebar.

The Impact and IP address of the selected host are displayed at the top of the sidebar.

Click the Explore button, then select one of the options from the pull-down menu. These options are deep links into the Network explorer page (Kibana interface), providing access to all the information related to the IP address.

Intelligence

The Intelligence section displays information from the Knowledge Base about the threats that were found on the host. Click the More details link to access the Intelligence pages.

Each threat shown is followed by a concise summary. Hover over the help icon to open a descriptive pop-up containing more details about the threat. The threats are color-coded: high-risk threats are red, medium-risk threats are orange, and low-risk threats are green.

Important:

This section does not appear if you do not have a Knowledge Base license.

WHOIS summary

The WHOIS summary section displays key fields from the WHOIS record for the selected IP address or domain name. Click the More details link to access the WHOIS pop-up for more details about the IP address or domain.

Open in

The Open in ... section contains links to third-party providers such as DomainTools, VirusTotal, Google, and others. If there are more providers than fit in the view, you can click Expand for more to see them.

Communicating with

The Communicating with section lists the internal hosts communicating with this host. Use the link button to select the Analysis report or the Network explorer page to view the communicating host.

For each host, the following is displayed:

  • The type of host.

  • The IP address of the host.

  • The host name or label.

  • The amount of data transferred between this host and the communicating host.