Compromises

This section of Stamus Central Server offers a view on threats activity in your environment.

Impacted Assets

This page allows viewing which asset is under attack and by which threat. An asset can be impacted by one or more threats.

Threats Assets

The table allows:

  • Filtering on different Assets (by using the Filter input field)

  • Performing Actions on Assets from the Action dropdown menu, like Acknowledge and/or Revert

  • Switching between New and Fixed Assets list view

  • Counters for new/fixed/total Assets (Note that when using the New and Fixed switches, Total count is aggregated, based upon the selected switch).

  • Sorting in asc or desc order, and also - by Asset Type (either Username, Email or IP)

  • Information on:

    • Asset HostID information - by clicking on the Asset link

    • Threats from which the Asset is part of

    • First Seen and Last Seen

    • Network info - if available

    • Last logged user - if available

    • Fixed date - it is displayed only for a Fixed / Acknowledged Assets

  • Ctrl button - allows you to Acknowledge or Revert an Asset

Timeline

The threat timeline lets you see what happened and when as well as observing lateral movement between hosts if it occurred (as illustrated by the following screenshot, see red arrow moving down from one host to another).

Threats Timeline

Coverage

The coverage page lets you see, and search, what threats are covered by Stamus Central Server. A detection method being a means of detecting a threat and each threat being detectable by one or more detection methods.

Threats Coverage