With the All Events page of the Administration Interface, Threat View enables you to investigate your threat exposure based on events, and visualizes the results as a world map and a list widget. With the available filters you can quickly zoom into a small and specific set of events and gain insights into the activity of a specific user. To enhance clarity, the world map visualization is limited to time periods of the previous day or the last 7 days.
The time period and threat event filters apply to both widgets; the filters for the user ID, session ID, and device ID are only available for the list widget.
To access All Events, open the Threat View Dashboard and navigate to Latest Events > View More.
Investigation parameters
The data source is the same as that for the Latest Events list on the Dashboard, but on the All Events page, filters for the time period and threat event are available as parameters for event-based investigations. Select the threat event and time period you wish to analyze from the dropdown menus at the top of the All Events page.
Available time periods:
Today (default value): this covers all the events of “today” since the last time the data was processed.
Previous day
Previous 7 days
Available threat events: All. You can select any threat event that Threat View analyzes. See also Types of monitored threats.
Visualizations
Based on the selected parameters, the All Events page visualizes the data for the selected threat event that matches the selected time period in the list and world map widgets.
World map
The world map shows a circle in each country where devices were located when the events occurred on them during the selected time period. The circle radius increases with the number of detected events. If you hover the mouse pointer over a highlighted country, Threat View displays a tooltip with the country name and the absolute number of events.
Because the world map widget operates on processed event information, real-time data cannot be reliably visualized when the time period filter is set to Today. In that case, the page displays a static world map and a message that no aggregated data is available.
To facilitate locating countries, and especially smaller countries, the countries in the map are displayed in different colors. Threat View also provides buttons to zoom into and out of the map, and a Reset button to quickly resize the map to its default display size.
List
The All Events list includes any event matching the selected time period and threat event, and provides the following information for the matched events:
Event type
Threat event
Time (as timestamp in UTC)
User ID
Session ID
Device ID
Operating system
Location (as country code)
The list includes all threat events. It is paginated to enable convenient navigation and to avoid having to retrieve and verify all of these events.
Available filters
To allow more detailed analyses, the All Events list can be filtered by the following parameters/list columns:
Device ID
Session ID
User ID
To filter the All Events list
In the All Events list, click on the value you want to analyze more closely to select the entire string, and copy it.
The values in these columns are displayed abridged but are copied and pasted as full values for use in the filter.
Click the filter button above the list.
From the Columns menu, select the column on which you want to focus.
In the Value field, paste the copied value.
Threat View validates the input in this field and displays an error message in the filter menu in the following cases:
You select Device ID or Session ID and do not enter a value.
You select Device ID and the entered value is not hexadecimal.
Click Apply.
To return to the entire list, click the X in the filter field.