When an Event is saved in an Event Database, or a Scanner Event is imported to an Event Database from a scanner (see What are Scanner Events?), TLC performs an NSlookup to identify the Event's Host. A Host is either:
The system with the Log Source that generated a log message resulting in the creation of an Event in an Event Database, or
A system identified by a Scanner Event in an Event Database (i.e. a system with a vulnerability or port identified by a scanner).
To query an Event Database for information about Hosts:
1. | In the side bar, select Events >Event-Database Viewer. |
2. | In the side bar of the Event-Database Viewer, select Hosts or a Host-field value under Hosts. |
3. | In the workspace table, double-click the Host. TLC opens the Host Details tab (see Table 111). |
Tip |
You can sort, group, and filter the contents of tables. For more information, see Working with Tables). |
---|
Tip |
For more information about working with the Event-Database Viewer, see Working with the Event-Database Viewer. |
---|
Tab |
Description |
---|---|
Overview |
Presents the Host's IP address, DNS Name, operating system, and other details. |
Applications |
Lists the applications associated with log messages collected from the Host. |
Vulnerabilities |
Lists any Scanner Events involving the Host. |
Event Tickets |
Lists any Event Tickets to which the Host is assigned. For more information, see Working with Event Tickets in the Event-Database Viewer. |