This guide applies to Mac computers and Windows devices

About the Detections Page

The Detections page in the Iru Endpoint Web App is where admins review threat events, monitor trends, and take response actions for devices with the EDR Library Item assigned. Access it by clicking Detections in the left-hand navigation bar (under Endpoint). For an overview of EDR capabilities and posture modes, see Endpoint Detection & Response (EDR) Overview.

Dashboard Widgets

Detections Over Time

The Detections Over Time graph displays a chronological overview of security threats detected within a specified timeframe. By default, the graph shows data for the past 30 days. At the top of the Detections tab, click the date range beside Viewing (default Last 30 days) to change the period, such as Last 24 hours through Last 90 days, All time, or Custom date range.
If you choose a date range exceeding 90 days, the system automatically limits the display to 90 days.
The graph offers three visualization options:
  • Granular — Shows every individual threat detection
  • Smooth — Displays general trends and patterns
  • Balanced — Default setting between detailed data and trend visualization

Detections By Severity

The Detections By Severity view provides a visual breakdown of detections by severity level. Each detection is assigned one of five severity levels: Critical, High, Medium, Low, and Informational.

Devices Under Threat

The Devices Under Threat metric shows how many devices currently have active security threats. Adjust the timeframe using the date range at the top of the page. This data refreshes each time the page is loaded.

Filter by Date Range

On the Detections tab, click the date range at the top of the page to choose how far back threat events appear. The current range is shown to the right of Viewing and defaults to Last 30 days. Select a preset (Last 24 hours, Last 7 days, Last 30 days, Last 60 days, Last 90 days, or All time) or Custom date range for specific start and end dates. Your selection applies to the dashboard widgets and the detections table.

Search, Filters, and the Detections Table

Above the detections table, use Search and the filter dropdowns to narrow the list by detection type, classification, status, severity, and other criteria.
The Detections List (detections table) shows each threat event with columns such as threat name, classification, severity, detection date, number of affected devices, and status. Click a row to open the side panel with full details and response actions.

Threat Detail View

Click any threat event to open a side panel with detection and quarantine dates, file path, file hash, user information, and available response actions.
For investigation workflows, status changes, and response actions, see Understanding Threat Events and Security Operations Actions in Endpoint Detection.

Device Record Detections Tab

The device record page shows the total number of threat events found on a specific device. To see the actual threat events, select the Detections tab.
Select any threat entry to display comprehensive details including detection timestamp, quarantine date, file location, cryptographic hash, and related user account information.
For more details about how device views work, see Device Views Overview.

Platform-Specific Detections Features

Iru Endpoint EDR categorizes file detections as malware, PUPs, benign, or unknown, and behavioral detections as malicious or suspicious. Use the Detection type filter on the detections table to show File detections, Behavioral detections, or both. The threat detail side panel provides device isolation for quarantining affected devices from the network.

Rules Tab

The Rules tab on the Detections page lets you configure behavioral detection rule groups and detection levels. From here you can set a global rule detection level or set detection levels per rule group (Cautious, Moderate, or Aggressive), and manage rule exceptions. For full details, see Behavioral Detection Rule Groups.

Next Steps