Host summary sidebar

The Host summary sidebar is expanded by clicking an entry in the Hosts list.

Top section

At the top of the sidebar are a number of items:

  • Click the cancel/close icon to close the sidebar.

  • The Impact and IP address of the selected host are displayed.

  • Click the View profile button to go to the Host profile page.

  • Click the Explore button, then select one of the options from the pull-down menu. These options are deep links into the Network explorer page (Kibana interface), providing access to all the information related to the host.

  • The numbers of Campaigns, Threats, Applications, and Services are displayed.

Details section

The following details about the host are displayed:

  • The Host name section lists all known host names for the host.

  • The Host label section lists any labels assigned to the host. You can edit the label.

  • The Device MAC address section lists all known MAC addresses seen for the host. Under each entry are timestamps for the first and last time the MAC address was associated with the host. These MAC addresses are obtained from DHCP traffic that was detected on the network.

  • The Sensor section displays the Sensor that detected the host.

  • The Tags section displays any tags assigned to the host. You can add a tag to the host. You can also add or remove a system-defined tag or another existing tag.

The Applications section lists all the applications that have been detected on the host during the current time frame. A count of the number of applications detected is displayed. By default, the list is collapsed. Click the angle-right icon to open the list. Click the angle-down icon to close the list.

The Services section lists all the services that have been detected on the host during the current time frame. A count of the number of services detected is displayed. By default, the list is collapsed. Click the angle-right icon to open the list. Click the angle-down icon to close the list.

The Device types section lists all the device types (for example, server, endpoint, or phone) that have been detected on the host during the current time frame. A count of the number of device types detected is displayed. By default, the list is collapsed. Click the angle-right icon to open the list. Click the angle-down icon to close the list.

The Operating systems section lists all the operating systems that have been detected on the host during the current time frame. A count of the number of operating systems detected is displayed. By default, the list is collapsed. Click the angle-right icon to open the list. Click the angle-down icon to close the list.

The Users section lists the users that were seen on the host during the current time frame. The source of the user information is displayed after each entry, for example, Active Directory or Proxy-Auth-HTTP-header. By default, the list is collapsed. Click the angle-right icon to open the list. Click the angle-down icon to close the list.

Active campaigns

The Active campaigns section lists the campaigns associated with this host during the current time frame, if any. Each entry is a summary of a campaign:

  • Impact of the campaign.

  • The Campaign ID, which is a link to the Campaign details page.

  • The number of hosts that are part of the campaign.

Threats

The Threats section lists the threat incidents associated with this host during the current time frame. Each entry is a summary of a threat:

  • Impact of the threat.

  • The name of the threat. Hovering over the name displays a pop-up with further information about the threat.

  • The threat activity time range.

Click the View threats link to view the details on the Host profile Threats tab.