View and manage detections
- In the management console, on the menu bar, click Focus > Detections.
- Do any of the following:

| Task | Steps |
| --- | --- |
| Change the scope of the detections data. | In the Detections Over Time drop-down list, select the desired scope. |
| Include or exclude detections of different priority levels. | The graph provides a count of informational, low, medium, and high priority events. Click any of the counts to exclude those events from the detections data. Click the same item again to include it in the data. |
| View the details and artifacts of interest for a detection. | Click View. Depending on the artifacts associated with the detection, you may be able to select different actions (for example, you can download a file, quarantine a file, view focus data, create a detection exception, and so on). You can click the Detection Notes section to add notes relevant to your analysis. |
| Lock down the device associated with a detection. | 1. Click View. 2. In the Actions drop-down list, click Lockdown Device. 3. See Fully lock a device. |
| Export detection details to a JSON file. | 1. Click View. 2. In the Actions drop-down list, click Export Data. |
| Set the status of a detection event. | Do any of the following: (a) Click the Status drop-down list for a detection and select the appropriate status. If you select False Positive, you are prompted for how you want to handle duplicate detections. Select the appropriate option and click Save. (b) Select one or more detections and click Select Action > Change Status. Select the appropriate status and click Confirm. |
| Delete one or more detections. | Select the detections and click Select Action > Delete Detection. Click Confirm Delete. |