The Campaigns page displays campaign cards for any detected campaigns. A campaign card shows the calculated threat score, the campaign name (Campaign ID), the latest attack stage that the NSX Network Detection and Response application detected, the number of affected hosts, the number of different threats, and the campaign status.

Managing Campaign Cards

You can sort the campaign cards by clicking the Sort By drop-down menu and selecting from the list of criteria: Impact (the default), Stage, Hosts, Threats, Newest, or Latest Activity.

Select the campaign cards that you want displayed by clicking the States drop-down menu and selecting from Show All (the default), Open, In Progress, Done, or Updated. You can select more than one option. Clear a selection by clicking the option again.

To view all the available details about a campaign, click the Campaign ID link and the details about the campaign are displayed. See Understanding the Campaign Details Page.

Click anywhere on a campaign card and the Campaign Summary sidebar appears on the right side.

Understanding the Campaign Summary Sidebar

The Campaign Summary sidebar is displayed on the right side of the Campaigns page when you click anywhere on a campaign card.

The following describes what you see on the Campaign Summary sidebar.

Top section

At the top of the sidebar are the following items:
  • The calculated threat score and the campaign name/ID (in long hash format) are displayed at the top.
  • The View Details button, when clicked, gives you access to the Campaign details page. See Understanding the Campaign Details Page for more information.
  • The number of hosts affected by the campaign is displayed.
  • The number of threat types involved in the campaign is displayed.


The next section of the panel includes the following information.
  • Campaign Name/Campaign ID – You can click the pencil icon and optionally edit the campaign name/ID.
  • State – Select the triage status of the campaign from the drop-down menu. Select from Open, In progress, Updated, or Done.
  • First Seen and Last Seen – Shows a linear graph with the timestamp from when the evidence was first and last seen. The Duration is displayed after the graph.

Attack Stages Seen

The Attack Stages Seen section displays the attack stages, highlighting the current campaign attack stages. Point to a highlighted activity (for example, Exploitation) to view a pop-up window with more information about the stage. See About Attack Stages for details.

Host Affected

The Hosts Affected section displays the hosts that are involved in the selected campaign. To view the Host profile page, click the IP address link. See Host Profile Page.

To see details about the hosts on the Hosts tab, click View hosts. See Campaign Details: Hosts Tab for more information.


The Threats section displays the current threats detected in the selected campaign. The color code indicates the severity of the threat: red for high severity, yellow for medium, and blue for low.

To view detailed information about the campaign on the Campaign timeline tab, click View threats. See Campaign Details: Timeline Tab for more information.