Search: Threat profile tab

The Threat profile tab displays a list of malicious activities observed in association with the searched IoC(s). These activities help you understand the severity of the threat by describing the potential harm associated. These activities are part of the analysis results generated by the VMware NSX Network Detection and Response. You can find more details about the different types of detected activities in Analysis report. The list is constructed using a range of sampled analysis reports (up to 100 reports) and the number of reports actually used in the computation is reported next to the tab title.

Above the Reports listing is a widget carousel. Results in the list can be modified or updated using the widget filters. Privacy is also enforced on this tab (see Results Privacy).

Reports list

The columns to be displayed in the list can be customized by clicking the additional content icon.

Customize the number of rows to be displayed. The default is 50 entries. Use the left arrow (back) and right arrow (forward) icons to navigate through multiple pages.

Each row displays a summary of a report. The list contains the following columns:

Occurrences

Displays how many time the activity was seen across the reports.

Click the sort icon to sort the list by the number of occurrences.

Severity

The severity of the behavior (see Risk assessment).

Icons indicate the environment the activity was running in during analysis.

The list is sorted by severity, by default in decreasing order (most severe at the top). Click the angle up icon to sort the list in increasing order (least severe at the top). Click the angle down icon to toggle to the default.

Type

Type of activity, for example, Execution or Network.

Click the sort icon to sort the list alphabetically by the activity.

Description

Full description of the activity.

Click the sort icon to sort the list alphabetically by the description.