The following article provides information about the Threat Hunting dashboard.
Know your Threat Hunting Dashboard
Overview
This page displays the Threat Hunt jobs created for backed-up resources such as VMware.
Access path
Click the Global Navigation Panel and select Cyber Resilience > Threat Hunting. The Threat Hunting Dashboard page will then be displayed.
Use the Threat Hunting dashboard page to get a summary view of the all the existing Threat Hunt jobs.
Last Updated: The date and time when the details of the page were last updated.
Threat Hunt job listing summary section: Displays list of all the Threat Hunt jobs created
Threat Hunt Name
Date and Time when the scan is initiated
Scan Status - Queued, Running, Completed, Failed, or Cancelled
Total malicious file matches found during the Threat Hunt job
Number of resources with malicious file matches found during the Threat Hunt job
Number of snapshots with malicious file matches found during the Threat Hunt job
To view details for a specific Threat Hunt job, click on the Threat Hunt Name.
Use the Scan Results and Scan Parameters tab for more information.
Scan Results tab
Provides the scan results detailed view for a specific Threat Hunt job.
Summary section
Scan Status - Queued, Running, Completed, Failed, or Cancelled
Date and Time when the scan is initiated
Date and Time when the scan is complete
Total malicious file matches found during the Threat Hunt job
Number of resources with malicious file matches found during the Threat Hunt job
Number of snapshots with malicious file matches found during the Threat Hunt job
The Resources section displays the count of resources in the Threat Hunt job
Name of the virtual machine
The count of total snapshots available for scan for the virtual machine
Total malicious file matches found during the Threat Hunt job
Number of snapshots with malicious file matches found during the Threat Hunt job
First snapshot of the virtual machine for which malicious file matches were found
Last snapshot of the virtual machine for which malicious file matches were found
Latest, cleanest, and safest snapshot of the virtual machine. Use this snapshot for data restoration.
The count of quarantined snapshots for the virtual machine
Scan Parameters tab
Provides the scan results and scan criteria detailed view for a specific Threat Hunt job.
Scan Details section
Threat Hunt Name
Description of the Threat Hunt if provided
Administrator details who created the Threat Hunt job
If the Auto Quarantine feature is enabled or disabled
Scan Criteria section
If the Pre-defined File Hash option is enabled or disabled
The count of custom file hashes or file extensions provided for scan
The Resources to scan section: Displays resource details such as the resource type, the total resource count, and the scan date range
Actions
The New Threat Hunt option allows you to create a new threat hunt job for resources
The three dots - More options allow you to:
Duplicate an existing Threat Hunt job
Delete the Threat Hunt job
Cancel the Threat Hunt job that is in progress - running or queued state
The Quarantine button allows you to manually quarantine and isolate infected snapshots
Use the Download Report option to download Detail or File-level (Summary) reports of scanned resources for further investigation
Filters
You can sort and filter your search results for created Threat Hunt jobs using the Filter option.
Choose the Scan Status filter to sort and view Threat Hunt jobs based on the scan status, such as Running, Completed, Canceled, and so on.
Choose the Scan Results filter to sort and view Threat Hunt jobs only for the resources with malicious file matches
Use the Apply button to apply the filters and Reset to cancel the filters applied for sorting.
You also have an option to search using Threat Hunt Name.