Host profile page

The Host profile page provides an overview and details about the selected host. It consists of a number of tabs:

  • The Overview tab provides a summary of the host and is the default view.

  • The Threats tab displays the detected incidents, with their associated evidence, network interactions, and IOCs.

  • The Events tab displays information about detection and info events.

  • The Activity timeline tab displays bandwidth usage and other discovered facts about the host, such as its operating system, applications, and services. This data is displayed in a timeline graph.

  • The File downloads tab lists the files that have been downloaded.

  • The Users tab displays the known user information.

There are a number of controls and buttons along the top of the Host profile page common to all of the tabs:

  • Click the left angle icon to return to the Hosts page listing.

    Beside the navigation element is the threat level indicator for the host followed by its IP address. If the host is within the home network, the home icon is displayed.

  • Click the Explore button, then select one of the options from the pull-down menu:

    • Investigate all network traffic from this host

    • Investigate web traffic from this host

    • Investigate DNS queries that failed from this host

    • Investigate Encrypted Traffic destinations for this host

    These options are deep links into the Network explorer page (Kibana interface), providing access to all the information related to the host.

  • Click the Host action button, then select Manage alert from the pull-down menu to launch the Manage alert sidebar. Use this feature to suppress or demote alerts thrown by harmless events from the host, such as the system Test or Blocking events, or to assign custom impact values to events.