The Detected threats widget on the Events page provides a visualization of all types of threat classes and threats that the NSX Network Detection and Response application discovered in your network.

By clicking the rectangle for a specific threat class, you can further examine the threats it contains within the same visualization. When you select a specific threat, the system displays details about that particular threat and its activity in your network.

Note: Your selections, as you navigate to the individual threats, trim the Detection Events list. Conversely, when you use the filters to narrow the displayed list of events, the threats presented in the Detected threats widget are also filtered.

Threat Class

The initial view shows the threat classes that have been detected on your network, similar to the following image.
[Image: Detected threats widget on the Events page]

The rectangles represent the threat classes that have been detected on your network. The size of each rectangle is scaled based on the number of events for each detected threat class. The colors of the blocks indicate the severity of the threat.

The list on the right side of the widget shows the top detected threats. When you point to an item in the list, a pop-up window gives further information about the threat, its class, and the number of events and affected hosts.

When you point to a specific rectangle for a threat class, a pop-up window appears. It shows the threat class, the number of unique threats, and a breakdown of the number of events and participating hosts. Clicking the pop-up window or the rectangle allows you to drill down into the unique threats that make up the selected threat class.

Unique Threats

The subsequent view shows the threats that make up the selected threat class. The rectangles are scaled based on the number of events for each detected threat and the colors indicate the severity of the threat.

A pop-up window is displayed when you hover over a specific threat. It shows the threat and a breakdown of the number of events and participating hosts. When you click the pop-up window or the rectangle to select the threat, Threat Details is displayed on the right side of the widget.

Threat Details

The Threat Details section lists the following information:

  • THREAT: The name of the threat.

  • CLASS: The name of the threat class.

  • MAX IMPACT: The maximum impact of events detected for the threat.

  • EVENTS: The number of detected events.

  • HOSTS: The number of targeted hosts. To view the Hosts list, click the number link. See Hosts List for more details.

  • FIRST SEEN/LAST SEEN: A bar graph that shows the timestamps seen for the threat. The Duration is displayed underneath.