Reading the Threat Topology Map

Legend

Item	Description
	Internal host. A computer in a private network, such as your organization's network.
	External host. A computer in a public network, such as the internet.

By default, the hosts are grouped by Threat type and Host type. For more information, see Filtering the Threat Topology Map.

To view the hosts on the Threat Topology map:

1. In the Group by section, clear the checkboxes for Threat type and Host type.

   The map shows all the hosts from the events in the selected time frame and search query.

   

   You can drag and re-arrange the hosts to view the connection in detail.

2. To view the host details, hover over the host. The card shows:

   • IP address of the host.

   • Country where the host is located.

   • Username logged in to the host (when available)

   • Hostname (when available)

   • Tag name (when available)

   • To view more information about the host, click the host or click View details.

     

     The system shows these details:

     Item	Description
     Alerts	Alerts detected that include the host.
     Applications	Logs related to Application control.
     Matched Indicators	Indicators that matched the host.

3. To perform actions on a host, right-click the host or hover over it and click .

   

   Select the required action:

   1. To easily identify the host on the map, add a tag:

      1. Click Add tag.

      2. Enter a tag name and click Save.

         The system displays the tag name on the host.

         

         Note - To display the tag name on the map, go to Filters > Tags and enable the Show tags toggle button.

   2. To view the Threat Hunting information about the host, click Go to Threat hunting.

      The system opens the Threat Hunting page and shows the data filtered by the host IP address.

      

   3. To view the Intelligence information about the host, click Go to Intelligence.

      The system opens the Intelligence page and shows the data filtered by the host IP address.

      

   4. To add the host as an indicator to Infinity IoC:

      1. Click Add to IOC. The Add artifact window appears.

         

      2. Enter the required details and click OK.

         The system adds the host IP address as an indicator to Infinity IoC.

4. To view the connections of a host, hover over the host.

   The system highlights all the connected nodes.

   

5. To view the number of the connections between two hosts, hover over their link.

   

6. To zoom in or out, scroll the mouse wheel up/down or use the zoom-in/zoom-out buttons in the bottom-right corner.

7. To pan the map, click and hold anywhere outside the nodes and links and then move the mouse.

8. For an overview of the current Topology map, see the mini-map at the top-right corner.