
The Hosts page has the following sections:

KPI charts show metrics for hosts and unique IPs within the time range specified in the date picker. This data is visualized using linear or bar graphs.

Tip

Hover inside a KPI chart to display the actions menu, where you can perform these actions: inspect, open in Lens, and add to a new or existing case.

Beneath the KPI charts are data tables, categorized by individual tabs, which are useful for viewing and investigating specific types of data. Select the relevant tab to view the following data:

  • Events: All host events. To display alerts received from external monitoring tools, scroll down to the Events table and select Show only external alerts on the right.
  • All hosts: High-level host details.
  • Uncommon processes: Uncommon processes running on hosts.
  • Anomalies: Anomalies discovered by machine learning jobs.
  • Host risk: The latest recorded host risk score for each host, and its host risk classification. In Elastic Stack, this feature requires a Platinum subscription or higher. In serverless, this feature requires the Security Analytics Complete project feature tier. Click Enable on the Host risk tab to get started. To learn more, refer to our entity risk scoring documentation.
  • Sessions: Linux process events that you can open in Session View, an investigation tool that allows you to examine Linux process data at a hierarchical level.

The tables within the Events and Sessions tabs include inline actions and several customization options. To learn more about what you can do with the data in these tables, refer to Manage detection alerts.


Host details page

A host’s details page displays all relevant information for the selected host. To view a host’s details page, click its Host name link in the All hosts table.

The host details page includes the following sections:

  • Asset Criticality: This section displays the host’s current asset criticality level.
  • Summary: Details such as the host ID, when the host was first and last seen, the associated IP addresses, and associated operating system. If the host risk score feature is enabled, this section also displays host risk score data.
  • Alert metrics: The total number of alerts by severity, rule, and status (Open, Acknowledged, or Closed).
  • Data tables: The same data tables as on the main Hosts page, except with values for the selected host instead of all hosts.