The Hosts section displays the following information about hosts on which the TAA (IOA) rule was triggered:
Host name—IP address or domain name of the computer where the event occurred. Clicking the link opens the Threat Hunting section with the search condition containing the ID of the selected rule and the selected host.
IP—IP address of the computer where the event occurred.
If you are using dynamic IP addresses, the field displays the IP address assigned to the computer at the moment when the alert was created or updated.
The program does not support IPv6. If you are using IPv6, the IP address of the computer is not displayed.
Number of events—Number of events that occurred on the host.
Find events. Clicking the link opens the Threat Hunting section with the search condition containing the ID of the selected rule.