Threats showing with (unknown hostname) in the title (Confirmed Threat).
Example: [THREAT-2] Unwanted Software (Adware) affecting (unknown hostname)
This is currently working as designed <this is under investigation>
As Red Canary does not delay threats from firing until we have full hostname data, sometimes the titles of threats may include (unknown hostname).
Once we do have endpoint data to sync with, the “Affected Endpoint” section on threats will include the hostname/endpoint information needed to remediate/correlate the threat.