Findings
The Findings widget is a table that displays each finding with summary information and gives you access to more detailed information about it. Only 5000 of the total results can be displayed in the table.
• Timestamp: The date and time of the finding.
• Type: The type of threat.
• Message: The name of the threat.
• Hostname: The hostname from which the finding originated.
• Source Address: The source IP address of the finding.
• Dest Address: The destination IP address of the finding.
• Category: The category of the finding, which tells the analyst the type of attack.
• Disposition: The outcome of the research, set by the analyst.
• Domain: The domain of the finding.
• Flow Count: The number of flows that include the finding.
• Tags: The tags that help the analyst search on the type of finding.
• Magnifying Glass (icon): Click the magnifying glass icon to view the details of the finding (Details, Flows, Finding JSON, PassiveDNS, Intelligence, Comments).