Live Risk view displays the hosts on which any malicious or risky activity was performed based on the configurations in the Compliance Auditor.
To view the hosts on which a malicious activity was performed, you must create corresponding audit rules in the Compliance Auditor. For more details about how to create a compliance audit rule, see Adding or Modifying an Audit Rule
You can click on the host that is displayed in the Live Risk view to view the complete audit details. When you click on the host in Live Risk view, it displays the corresponding Compliance Audit records, which can be used for further analysis of the malicious activity.