Working with a Host

When an Event is saved in an Event Database, or a Scanner Event is imported to an Event Database from a scanner (see What are Scanner Events?), TLC performs an NSlookup to identify the Event's Host. A Host is either:

The system with the Log Source that generated a log message resulting in the creation of an Event in an Event Database, or

A system identified by a Scanner Event in an Event Database (i.e. a system with a vulnerability or port identified by a scanner).

To query an Event Database for information about Hosts:

1. In the side bar, select Events >Event-Database ViewerEvent-Database Viewer.
2. In the side bar of the Event-Database Viewer, select Hosts or a Host-field value under Hosts.
3. In the workspace table, double-click the Host. TLC opens the Host Details tab (see Table 107).

Tip

You can sort, group, and filter the contents of tables. For more information, see Working with Tables).

Tip 

For more information about working with the Event-Database Viewer, see Working with the Event-Database Viewer.

Table 107. Tabs in Host Details

Tab

Description

Overview

Presents the Host's IP address, DNS Name, operating system, and other details.

Applications

Lists the applications associated with log messages collected from the Host.

Vulnerabilities

Lists any Scanner Events involving the Host.

Event Tickets

Lists any Event Tickets to which the Host is assigned. For more information, see Working with Event Tickets in the Event-Database Viewer.