The Hosts page has the following sections:
KPI charts show metrics for hosts and unique IPs within the time range specified in the date picker. This data is visualized using linear or bar graphs.
Tip
Hover inside a KPI chart to display the actions menu (…), where you can perform these actions: inspect, open in Lens, and add to a new or existing case.
Beneath the KPI charts are data tables, categorized by individual tabs, which are useful for viewing and investigating specific types of data. Select the relevant tab to view the following data:
- Events: All host events. To display alerts received from external monitoring tools, scroll down to the Events table and selectShow only external alerts on the right.
- All hosts: High-level host details.
- Uncommon processes: Uncommon processes running on hosts.
- Anomalies: Anomalies discovered bymachine learning jobs.
- Host risk: The latest recorded host risk score for each host, and its host risk classification. In Elastic Stack, this feature requires aPlatinum subscription or higher. In serverless, this feature requires the Security Analytics Completeproject feature tier. ClickEnable on theHost risk tab to get started. To learn more, refer to ourentity risk scoring documentation.
- Sessions: Linux process events that you can open inSession View, an investigation tool that allows you to examine Linux process data at a hierarchal level.
The tables within theEvents andSessions tabs include inline actions and several customization options. To learn more about what you can do with the data in these tables, refer toManage detection alerts.
