The Infections over time widget provides a graphical overview of the different kinds of incidents detected in the network. The x-axis depicts the time and the y-axis the number of hosts affected by incidents of a given type.
There are three different types of incidents.
Incident Type |
Description |
---|---|
Infections |
These are incidents that have been determined to be critical. These incidents have been given an impact score of 70 or above and are displayed in red |
Watchlist |
These are incidents that have been determined to be of medium risk. Such incidents, while indicating a potential risk, may not need immediate attention; they are kept under close watch in case new evidence appears that modifies their status. These incidents have been given an impact score of between 30 and 69 and are displayed in orange. |
Nuisances |
These are incidents that are considered low or no risk. This typically corresponds to potentially unwanted/risky activity that does not necessarily indicate a compromise or infection on the monitored network. These incidents have been given an impact score of lower than 30 and are displayed in blue. |
You can display or hide the different incident types by clicking their corresponding names in the legend at the top of the graph.
When you point to a bar on the graph, a pop-up window displays the number of hosts in the network that are affected by the corresponding incidents.
When you click a bar, the time range and incident type is updated accordingly. The dashboard only displays information for that incident type on the selected day.
To undo the zoom, reset the time range. Note that this will leave the incident type selected. To reset the dashboard, use the back button in your browser.
The default view shows the incidents in grouped display. Click Stacked to view the incidents in a stacked display. Click the Grouped to reset to the grouped display.