Filters

An easy-to-use filtering mechanism is provided that allows you to focus on the information that you are interested in. Click the plus icon to expand the Filters widget.

Note:

The use of filters is optional.

Click Filter by and select an item from the pull-down menu. Select from Application families, Applications, Device type, Home network, Host IP, Host tags, Hosts with threats, Campaign UUID, Operating system families, Operating systems, Priority, Read, Status, Threat, or Threat class.

You can combine multiple filters to narrow the focus. You can also deploy multiple instances of some filters.

Delete an individual filter by clicking the Remove (minus) icon next to its entry. Delete all the selected filters by clicking the cancel/close icon; this also collapses the Filters widget.

Click Apply (the reload icon) to apply the selected filters.

Application families

Restrict the displayed entries by the application family used by the host, for example, "Chrome" or "Firefox".

Applications

Restrict the displayed entries by the application used by the host, for example, "Google Chrome 80.0.3987.100" or "Firefox 73.0 (64-bit)".

Device type

Restrict the displayed entries by the type of host, for example, "mobile device", "server", or "endpoint".

Home network

Restrict the displayed entries by the Home network setting. Select Home network only or Unidentified networks only from the pull-down menu.

Host IP

Restrict the displayed entries to a specific source IP address, IP address range, or CIDR block.

Host tags

Restrict the displayed entries by host tags. Select the tags from the pull-down menu.

Hosts with threats

Restrict the displayed entries by the Hosts with threats status. Select Only hosts with threats or All hosts from the pull-down menu.

Campaign UUID

Restrict the displayed entries by the Campaign UUID. This is a 32-character hexadecimal string, for example, 7dabc0fc9b3f478a850e1089a923df3a.

Alternatively, enter the string null to select records that do not belong to any campaign.
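To make the Host IP and Campaign UUID filter semantics above concrete, here is an added Python example (not code from the product or its documentation) that evaluates those filters against constructed sample records. It assumes "start-end" as the range syntax, case-insensitive UUIDs, and AND semantics when several filters are combined; none of these are stated on this page.

```python
import ipaddress
import re

# Constructed sample records (not product data); field names mirror the filters on this page.
RECORDS = [
    {"host_ip": "10.0.1.15", "campaign_uuid": "7dabc0fc9b3f478a850e1089a923df3a", "status": "Open"},
    {"host_ip": "10.0.1.200", "campaign_uuid": None, "status": "Open"},
    {"host_ip": "192.168.5.9", "campaign_uuid": "7dabc0fc9b3f478a850e1089a923df3a", "status": "Closed"},
    {"host_ip": "10.0.2.7", "campaign_uuid": None, "status": "Closed"},
]

UUID_RE = re.compile(r"^[0-9a-f]{32}$")  # 32-character hexadecimal string

def parse_host_ip_filter(spec):
    """Accept a single IP, a 'start-end' range (assumed syntax) or a CIDR block.
    Returns a predicate over an IP address string."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return lambda ip: ipaddress.ip_address(ip) in net
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid range: {spec}")
        return lambda ip: lo <= ipaddress.ip_address(ip) <= hi
    single = ipaddress.ip_address(spec)
    return lambda ip: ipaddress.ip_address(ip) == single

def parse_campaign_filter(spec):
    """'null' selects records with no campaign; anything else must be 32 hex characters."""
    spec = spec.strip().lower()
    if spec == "null":
        return lambda uuid: uuid is None
    if not UUID_RE.match(spec):
        raise ValueError(f"campaign UUID must be 32 hex characters: {spec}")
    return lambda uuid: uuid is not None and uuid.lower() == spec

def apply_filters(records, host_ip=None, campaign_uuid=None, status=None):
    """Combine filters: a record must satisfy every filter given (assumed AND semantics)."""
    preds = []
    if host_ip is not None:
        ip_ok = parse_host_ip_filter(host_ip)
        preds.append(lambda r: ip_ok(r["host_ip"]))
    if campaign_uuid is not None:
        c_ok = parse_campaign_filter(campaign_uuid)
        preds.append(lambda r: c_ok(r["campaign_uuid"]))
    if status is not None:
        preds.append(lambda r: r["status"] == status)
    return [r for r in records if all(p(r) for p in preds)]
```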

Operating system families

Restrict the displayed entries by the operating system family on the host, for example, "Linux" or "Windows".

Operating systems

Restrict the displayed entries by the operating systems on the host, for example, "Ubuntu 18.04" or "Windows NT 10.0".

Priority

Restrict the displayed entries by the Priority status. Select Infection, Watchlist, or Nuisances from the pull-down menu.

See the infections list for details.

Read

Restrict the displayed entries by their Read status. Select Read or Unread from the pull-down menu.

Status

Restrict the displayed entries by their status. Select Closed or Open from the pull-down menu.

Threat

Restrict the displayed entries by a specific Threat. Select a threat from the pull-down menu. The menu is prepopulated with a list of cataloged threats.

Use the search function at the top of the menu to quickly find a threat name.

Threat class

Restrict the displayed entries to a specific class of events. Select the threat class from the pull-down menu. The menu is prepopulated with a catalog of classes, such as:

  • adware: Malware that displays or downloads advertisements to an infected computer.

  • click-fraud: Click-fraud targets pay-per-click online advertising.

  • command & control: An infected machine belongs to a botnet and can be remotely controlled by an attacker.

  • drive-by: An attacker attempted to exploit a vulnerability on the machine in order to install additional malware on the target system.

  • exploit toolkit: Detection of an exploit toolkit that attempted a drive-by download attack.

  • fake-av: Fake antivirus software or other kinds of rogue security software designed to trick or mislead your users.

  • inactive C&C: The command & control server for this specific botnet is inactive.

  • VMware blocking test: The domain block.lastline.com is used to test blocking of network connections, and the selected events belong to this class.

  • VMware test: The domain test.lastline.com is used to test the functionality of the setup, and the selected events belong to this class.

  • malicious file download, malware distribution, and malware download: The IP address or domain hosts malicious executables.

  • sinkhole: A sinkhole is operated by a legitimate organization, so it does not pose a threat. However, hosts that try to contact such a host may be infected.

  • spyware: Malware that attempts to steal sensitive information.

  • suspicious DNS: Suspicious DNS domains are domains that are contacted by malware running on infected machines. Our proprietary techniques were able to proactively identify these domains as malicious.

  • unknown: An unknown security risk was detected.

Use the search function at the top of the menu to quickly find a class name.