Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Virtual Machine status

The overall status of your virtual machine is based on the individual status of your virtual machine's subcomponents. Your virtual machine contains three subcomponents:

  • Malware Protection
  • FIM
  • Patching

Armor reviews the status of your three subcomponents and labels your virtual machine based on the status of your most critical subcomponent.

For example, if Malware Protection and FIM are both in a Secured status, but Patching is in a Critical status, then overall, your virtual machine is labeled as Critical.

In another example, if Malware Protection is in a Critical status, FIM is in a Warning status, and Patching is in a Secured status, then overall, your virtual machine is labeled as Critical

Malware Protection status

Troubleshoot Malware Protection

FIM status

Troubleshoot FIM 

Patching statustrue

To fully use this screen, you must add the following permission to your account:

  • Read Dashboard Statistics


The Security Dashboard in the Armor Management Portal (AMP) displays the various statuses of your virtual machines: 

  • Green indicates a virtual machine in a Secured status.
  • Yellow indicates a virtual machine in a Warning status. 
  • Red indicates a virtual machine in a Critical status.
Virtual machine statusVirtual machine status
Excerpt Include
View and delete offline virtual machines (snippet)View and delete offline virtual machines (snippet)
Anti-Malware statusAnti-Malware status
Excerpt Include
Understand Malware Protection Data (snippet)Understand Malware Protection Data (snippet)
Excerpt Include
Troubleshoot Malware Protection data (snippet)Troubleshoot Malware Protection data (snippet)
FIM status FIM status
Excerpt Include
Understand FIM status (snippet)Understand FIM status (snippet)
Excerpt Include
Troubleshoot FIM (snippet)Troubleshoot FIM (snippet)
Patching statusPatching status
Excerpt Include
Patching (snippets)Patching (snippets)nopanel

You can use the Health Overview screen to see the overall health status of your virtual machines.

The top of the Health Overview screen contains four types of information, displayed in various widgets. 



Overall Health Score

This widget displays an average of the ProtectionDetection, and Response scores.

Scores in the security dashboards are calculated and updated every night at 2:00 AM UTC. 


This score is based on the stability of the Armor agent and any corresponding subagents. For more information, see: 


This score is based on the incoming activity (log activity) of the Armor agent and any corresponding subagents. For more information, see: 


This score is based on the response time for a support ticket between you and Armor. For more information, see:

Score range

Health status

10 - 8Good
7 - 4Fair
3 - 1Poor

Critical Incidents

This widget displays the number of open or pending support tickets that are considered highly important, security-focused incidents, known as Critical Incidents.

Internally, when Armor Support reviews a support ticket, a support personnel can label the ticket as a Security Incident. These tickets will be given a severity rating (low, medium, high, critical), and then displayed in the Security Incidentsscreen. A Security Incident with a Critical status is also known as a CriticalIncident.

In the Security Incidents screen, you will only see an incident if you are listed as a recipient on the support ticket or if you opened the support ticket. 

Armor Support, you, or someone on your account can open a support ticket that can eventually evolve into an incident.

To learn more about the Security Incident screen, see: 

Under Security Alerts Needing Attention, you can click a specific incident, and then you will be redirected to the Security Incident screen with the table already filtered.

Logs Parsed (Past 24h)

This widget displays the number of logs that Armor has received and analyzed in the past 24 hours.


This widget only applies to Armor Anywhere users.

This widget displays the number of detected vulnerabilities, based on the information from the weekly vulnerabilities report. 

A vulnerability scan takes place every Sunday at 10:00 PM, local server time. After a scan is complete, the corresponding report is added to the Vulnerability Scanning screen of the Armor Management Portal (AMP). Additionally, this widget is updated based on the scan.  

To learn about the Vulnerability Scanning screen, see Vulnerability Scanning (Armor Anywhere).

Review API Calls

Related Documentation

Content by Label
cqllabel in ("dashboard","score")

Was this helpful?
Rate Macro