Netskope Help

Malicious Sites

To view the malicious sites that were contacted by your internal hosts, go to Incidents > Malicious Sites.

MaliciousSite.png

Primary metrics appear in the panels on top, and a table provides more specific information. The search field on top allows you to filter the malicious sites shown on the page by entering key words. The information shown on this page includes:

  • Sites Allowed: Sites that your users visited and were not blocked.

  • Total Malicious Sites: The total number of malicious sites that users have visited.

  • Users Allowed: The total number of users not blocked from visiting a malicious site.

  • Site: The IP address or URL associated with the malicious site.

  • Severity: The severity rating for the malicious site: Critical, High, Medium, or Low.

  • Category: The type of malicious site detected.

  • Site Destination: The location where the malware was downloaded.

Click an item on the page to see more comprehensive details. This page provides more information about the site you selected. The information shown on this page includes:

  • Site: The IP address or URL associated with the malicious site and associated categories.

  • Severity: The severity rating for the malicious site: Critical, High, Medium, or Low.

  • Site Allowed: Static display showing this site is an allowed site.

  • Users Allowed: The total number of users not blocked from visiting this malicious site.

  • Users Blocked: The total number of users blocked from visiting this malicious site.

  • Attribute/Value: Specific information about the site, like reputation, first seen, etc. Hover your mouse over the Attribute to view descriptions.

  • Users Affected: The name of the offending user in your system associated with the particular malicious site.

  • Action: The action taken based on the quarantine profile you selected, like allow or block.

  • Date: The last date the user visited the malicious site.

To export this information to a file, click Export CSV.