The time the correlation object triggered a match.
The timestamp when the match was last updated.
The name of the correlation object that triggered the match.
The IP address of the user from whom the traffic originated.
The user and user group information from the directory server, if User-ID™ is enabled.
A rating that classifies the risk based on the extent of damage caused.
A description that summarizes the evidence gathered on the correlated event.
The Host ID of the device.
To add a device to the quarantine list, click the down arrow next to the device’s Host ID and select Block Device in the pop-up window that displays.
Match Details—A summary of the match details that includes the match time, last update time on the match evidence, severity of the event, and an event summary.
This tab includes all the evidence that corroborates the correlated event. It lists detailed information on the evidence collected for each session.