Infections over time

The Infections over time widget provides a graphical overview of the different kinds of incidents detected in the network. The x-axis depicts the time (defaults to the portal settings value) and the y-axis the number of hosts affected by incidents of a given type.

There are three different types of incidents:

• Infections are incidents that have been determined to be critical. These incidents have been given an impact score of 70 or above and are displayed in red.

• Watchlist are incidents that have been determined to be of medium risk. Such incidents, while indicating a potential risk, may not need immediate attention; they are kept under close watch in case new evidence appears that modifies their status. These incidents have been given an impact score of between 30 and 69 and are displayed in orange.

• Nuisances are incidents that are considered low or no risk. This typically corresponds to potentially unwanted/risky activity that does not necessarily indicate a compromise or infection on the monitored network. These incidents have been given an impact score of lower than 30 and are displayed in blue.

You can display or hide the different incident types by clicking on their names in the legend at the top of the graph.

When you hover your mouse over a bar on the graph, the widget displays a pop-up showing the number of hosts in the network affected by the corresponding incidents.

When you click the bar, the time range and incident type is updated accordingly and the dashboard displays information for that incident type on the selected day.

To undo the zoom, reset the time range in the portal settings. Note that this will leave the incident type selected. To reset the dashboard, use the back button in your browser.

The default view shows the incidents in grouped display. Click Stacked to view the incidents in a stacked display. Click Grouped to reset to the grouped display.