Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Host Details

Access this page by clicking the Host Identifier from the Monitor >Hosts page. Double click on the host to view summary details and malicious files that have been downloaded.

Use the host details page to view in-depth information about current threats to a specific host by time frame.

For C&C threat sources, you can change the host identifier, the investigation status, and the blocked status of the host

The information provided on the host details page is as follows:

Table 1: Threat Level Recommendations

Threat Level

Definition

0

Clean; no action is required.

1–3

Low threat level. Recommendation: Disable this host.

4–6

Medium threat level. Recommendation: Disable this host.

7–10

High threat level. Host has been automatically blocked.

  • Host Identifier—Displays the Juniper ATP Cloud-assigned name of the host. You can edit this name by entering a new name in this field and clicking Save. To return to the default assigned name, click Reset.

  • Host IP Address—Displays the IP address of the selected host.

  • MAC Address—This information is only available when Juniper ATP Cloud is used with Policy Enforcer.

  • Host Status—Displays the current threat level of the host and recommended actions.

  • Investigation Status—The following states of investigation are available: Open, In progress, Resolved - false positive, Resolved - fixed, and Resolved - ignored.

  • Policy override for this host—The following options are available: Use configured policy (not included in infected hosts feed), Always include host in infected hosts feed, Never include host in infected hosts feed.

    Note:

    The blocked status changes in relation to the investigation state. For example, when a host changes from an open status (Open or In Progress) to one of the resolved statuses, the blocked status is changed to allowed and the threat level is brought down to 0. Also, when the investigation status is changed to resolved, an event is added to the log at the bottom of the page.

  • Host threat level graph—This is a color-coded graphical representation of threats to this host displayed by time frame. You can change the time frame, and you can slide the graph backward or forward to zoom in or out on certain times. When you zoom in, you can view individual days within a month.

  • Expand time-frame to separate events—Use this check box to stretch a period of time and see the events spread out individually.

  • Past threats—The date and status of past threats to this host are listed here. The time frame set previously also applies to this list. The description for each event provides details about the threat and the action taken at the time.

Related Documentation