Go to the table of contents Go to the previous page Go to the next page View or print as PDF
The Status Dashboards > Threats dashboard > Investigate threat event details
Investigate threat event details
Administrator Help | Forcepoint Web Security and Forcepoint URL Filtering | v8.5.x
Use the Dashboard > Threats > Event Details page to research suspicious activity incidents. The page can show incidents related to:
*
*
At the top of the page, a table lists each incident associated with the selected user, IP address, hostname, or severity level. The table shows 10 rows of data per page.
*
*
*
Click Customize in the toolbar at the top of the content pane to change the columns shown in the table. The detail table has the same column options as the summary table on the Threats dashboard.
*
The incident details section includes a link to ACEInsight. Use this link to view current information about the URL and threats associated with the incident.
*
With Forcepoint Web Security, files associated with attempts to either infect your network or send sensitive data out of your network may be captured. File-related data is referred to collectively as forensic data, and it is stored in a special database, called the forensics repository.
*
*
When forensics capture is enabled and there are files (like spreadsheets, documents, or compressed files) associated with an incident, an icon appears in the Forensics column of the Event Details table. When you select an incident that includes forensics data, information about any files associated with the incident is displayed in the Forensic Data section of the page (see Reviewing threat-related forensic data).
 
Warning 
If a user agent header was captured for the incident, the User Agent String field includes a link that you can use to Search for other instances of the user agent. Click the link to see results on the Search tab of the Reporting > Applications page. See Application reporting for more information about application reports and user agents.
To export event information to a CSV file, click Export in the toolbar at the top of the content pane. All threat-related events logged in the selected time period are exported; not just those for the user, IP address, hostname, or severity level currently displayed on the page.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
The Status Dashboards > Threats dashboard > Investigate threat event details
Copyright 2018 Forcepoint. All rights reserved.