The Events tab in the Host Profile page displays detection and events information.
Detection events
The Detection events list shows the events that the NSX Network Detection and Response application found associated with the selected host. These events make up some of the incidents also listed for the host.
Customize the number of rows that are displayed. The default is 30 entries. Use the and icons to navigate through the multiple pages.
The columns to be displayed in the list can be customized by clicking the icon.
Each row displays a summary of an event. Click anywhere on an entry row to access the Event Summary sidebar.
The Detection events list contains the following columns.
Column Name |
Description |
---|---|
Timestamp |
Indicates the start time of the event. The time is shown in the currently selected time zone. The list is sorted by timestamp, by default in decreasing order (latest event at the top). You can use the icons to sort the list in increasing order (oldest event at the top) or toggle back to the default. |
Host |
The host in the monitored network that is involved in this event. This column will display the IP address, host name, or label of the host, depending on your current Display settings. |
Other IP |
IP address and port of the host that is related to this event. For example, 203.0.113.115:80 indicates that the IP address 203.0.113.115 was contacted on port 80. The system attempts to geo-locate the IP address. If it succeeds, a small flag icon indicates the country that possibly hosts that IP address. A Local Network icon is used for local hosts. |
Other Host |
The host name or IP address of the malicious/suspicious entry. |
Threat |
Name of the detected threat class. |
Threat Class |
Name of the detected threat class. |
Impact |
The impact value indicates the critical level of the detected threat and ranges from 1 to 100:
If the icon appears, it indicates the artifact has been blocked. Click the icon to sort the list by impact. |
Info Detection Events
The Info Detection Events list shows INFO
events associated with the selected host. This list contains the same columns as the Detection events list.