The Events tab in the Host Profile page displays detection and events information.

Detection events

The Detection events list shows the events that the NSX Network Detection and Response application found associated with the selected host. These events make up some of the incidents also listed for the host.

Customize the number of rows that are displayed. The default is 30 entries. Use the left arrowhead and right arrowhead icons to navigate through the multiple pages.

The columns to be displayed in the list can be customized by clicking the three horizontal bars icon.

Each row displays a summary of an event. Click anywhere on an entry row to access the Event Summary sidebar.

The Detection events list contains the following columns.

Column Name

Description

Timestamp

Indicates the start time of the event. The time is shown in the currently selected time zone.

The list is sorted by timestamp, by default in decreasing order (latest event at the top). You can use the icons to sort the list in increasing order (oldest event at the top) or toggle back to the default.

Host

The host in the monitored network that is involved in this event. This column will display the IP address, host name, or label of the host, depending on your current Display settings.

Other IP

IP address and port of the host that is related to this event. For example, 203.0.113.115:80 indicates that the IP address 203.0.113.115 was contacted on port 80.

The system attempts to geo-locate the IP address. If it succeeds, a small flag icon indicates the country that possibly hosts that IP address. A Local Network icon is used for local hosts.

Other Host

The host name or IP address of the malicious/suspicious entry.

Threat

Name of the detected threat class.

Threat Class

Name of the detected threat class.

Impact

The impact value indicates the critical level of the detected threat and ranges from 1 to 100:

  • Threats with an impact of 70 or above are considered to be critical.

  • Threats with an impact between 30 and 69 are considered to be medium-risk.

  • Threats with an impact between 1 and 29 are considered to be benign.

If the blocked icon appears, the artifact has been blocked.

Click the sort icon to sort the list by impact.

Info Detection Events

The Info Detection Events list shows INFO events associated with the selected host. This list contains the same columns as the Detection events list.