Use the Security Overview dashboard to view the summary-level statistics of file inspections in the NSX-T Data Center.

You can filter the file inspection statistics (file events statistics) on the dashboard for a specific time period. The default time period for each graph on the dashboard is last one hour. Maximum supported time period for each graph is last 14 days.

The following file events statistics for the selected time period are shown in a graphical format on this dashboard:
  • Total number of inspected file events, malicious file events, suspicious file events, and blocked files.
  • Number of file inspections for different ranges of threat score.
  • Top five recently inspected files in the data center sorted by the timestamp.
  • Top five malicious files detected in the data center.
  • Trend of malicious file events, suspicious file events, and suppressed file events in the data center.
  • Distribution of file inspections based on the malware family to which the files belong.
  • Breakdown of file inspections by the type of analysis performed (local file analysis, cloud file analysis).

Prerequisites

  • NSX Malware Prevention feature is activated successfully in the NSX Application Platform.
  • NSX Malware Prevention feature is activated on the ESXi host clusters or tier-1 gateways, or both, depending on your security requirements.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Navigate to Security > Security Overview > Threat Detection & Response > Malware Prevention.
    File events statistics are displayed. By default, all the graphs show statistics for the last one week.
  3. At the top-right corner of each graph, click the drop-down menu to filter the statistics for the time period that you are interested in.
  4. Point to the various data points in the graphs to view additional information as tooltips.
  5. (Optional) Click the linked texts on this dashboard to jump to the other dashboard pages and drill down to the inspection details and history of inspections for specific files.
    For example:
    • Click the Malicious File Events hyperlinked text to jump to the Potential Malware page on the Malware Prevention dashboard.
    • Click the Inspected File Events hyperlinked text to jump to the All Files page on the Malware Prevention dashboard.