Skip to main content
Threat Hunting Dashboard

Provides information about the Threat Hunting dashboard and its components.

Updated over 2 months ago

The following article provides information about the Threat Hunting dashboard.

Know your Threat Hunting Dashboard

Overview

This page displays the Threat Hunt jobs created for backed-up resources such as VMware.

Access path

Click the Global Navigation Panel and select Cyber Resilience > Threat Hunting. The Threat Hunting Dashboard page will then be displayed.

Use the Threat Hunting dashboard page to get a summary view of the all the existing Threat Hunt jobs.

  • Last Updated: The date and time when the details of the page were last updated.

  • Threat Hunt job listing summary section: Displays list of all the Threat Hunt jobs created

    • Threat Hunt Name

    • Date and Time when the scan is initiated

    • Scan Status - Queued, Running, Completed, Failed, or Cancelled

    • Total malicious file matches found during the Threat Hunt job

    • Number of resources with malicious file matches found during the Threat Hunt job

    • Number of snapshots with malicious file matches found during the Threat Hunt job

To view details for a specific Threat Hunt job, click on the Threat Hunt Name.

Use the Scan Results and Scan Parameters tab for more information.

Scan Results tab

Provides the scan results detailed view for a specific Threat Hunt job.

  • Summary section

    • Scan Status - Queued, Running, Completed, Failed, or Cancelled. Threat Hunt job may fail due to any one of the following reasons:

      • You provided only file hashes as the scan criteria. No corresponding SHA1 values were found for the files with SHA-256/MD5 file hashes as scan input criteria. To resolve this issue, provide an alternative scan criteria or the SHA1 file hash as input.

      • An internal error occurred. Try again after some time

    • Date and Time when the scan is initiated

    • Date and Time when the scan is complete

    • Total malicious file matches found during the Threat Hunt job

    • Number of resources with malicious file matches found during the Threat Hunt job

    • Number of snapshots with malicious file matches found during the Threat Hunt job

  • The Resources section displays the count of resources in the Threat Hunt job

    • Name of the virtual machine

    • The count of total snapshots available for scan for the virtual machine

    • Total malicious file matches found during the Threat Hunt job

    • Number of snapshots with malicious file matches found during the Threat Hunt job

    • First snapshot of the virtual machine for which malicious file matches were found

    • Last snapshot of the virtual machine for which malicious file matches were found

    • Latest, cleanest, and safest snapshot of the virtual machine. Use this snapshot for data restoration.

    • The count of quarantined snapshots for the virtual machine

Scan Parameters tab

Provides the scan results and scan criteria detailed view for a specific Threat Hunt job.

  • Scan Details section

    • Threat Hunt Name

    • Description of the Threat Hunt if provided

    • Administrator details who created the Threat Hunt job

    • If the Auto Quarantine feature is enabled or disabled

  • Scan Criteria section

    • If the Pre-defined File Hash option is enabled or disabled

    • The count of custom file hashes or file extensions provided for the scan. File hashes might get skipped from the scan in the following scenario:

      • No corresponding SHA1 values were found for the files with SHA-256/MD5 file hashes as scan input criteria. Click Download List to view the skipped SHA-256/MD5 file hashes.

        Action Required: To resolve this issue, provide the SHA1 file hash as input.

  • The Resources to scan section: Displays resource details such as the resource type, the total resource count, and the scan date range

Actions

  • The New Threat Hunt option allows you to create a new threat hunt job for resources

  • The three dots - More options allow you to:

    • Duplicate an existing Threat Hunt job

    • Delete the Threat Hunt job

    • Cancel the Threat Hunt job that is in progress - running or queued state

  • The Quarantine button allows you to manually quarantine and isolate infected snapshots

  • Use the Download Report option to download Detail or File-level (Summary) reports of scanned resources for further investigation

Filters

You can sort and filter your search results for created Threat Hunt jobs using the Filter option.

  • Choose the Scan Status filter to sort and view Threat Hunt jobs based on the scan status, such as Running, Completed, Canceled, and so on.

  • Choose the Scan Results filter to sort and view Threat Hunt jobs only for the resources with malicious file matches

Use the Apply button to apply the filters and Reset to cancel the filters applied for sorting.

You also have an option to search using Threat Hunt Name.

Did this answer your question?