This topic describes the Host Profile report. The following figure shows the Host Profile report, listing all the suspicious hosts.
The following figure shows the different panels of this view.
The Host Profile Report has the following panels:
- Activity Heading
- Activity Fields
- Activity Histograms
- Activity Heat Maps
- Activity List
Activity Heading Panel
The Activity Heading panel allows you to view the activity name, the IP address, the time the report was generated, and the start and end dates.
Note: The Host Profile report does not display a score in the Activity heading panel.
Activity Fields Panel
The Activity Fields panel displays the following fields from the MongoDB database.
Field | Description |
---|---|
Least Busiest Hour | The hour with the lowest number of requests. |
Busiest Hour | The hour with the highest number of requests. |
Longest No-traffic Period (hours) | The longest break without any traffic for this IP. |
Total Bandwidth | The total bandwidth consumed for sending and receiving. |
Domain Total | The total number of domains accessed by this IP. |
Average Bandwidth | The average bandwidth to send or receive per session. |
External IPs | The number of external IPs accessed. |
Rare User-Agents | The number of rare User-Agent strings seen from this IP. |
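The following Python example is an added illustration, not the product's implementation or code from this documentation. It derives the fields in the table above from constructed session records for one host. The record layout, the internal network range, the fleet User-Agent baseline, and the rarity threshold are all assumptions.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: what counts as an internal IP
RARE_UA_MAX_HOSTS = 2                # assumption: a UA sent by <= 2 hosts is "rare"
# Constructed fleet baseline: User-Agent -> number of hosts that sent it.
FLEET_UA_HOSTS = {"Mozilla/5.0": 950, "curl/8.5.0": 40, "updater/0.1": 1}

# Constructed sessions for one host:
# (start time, destination IP, domain, bytes sent + received, User-Agent)
SESSIONS = [
    ("2024-05-01T08:15:00", "192.0.2.10", "example.com", 1200, "Mozilla/5.0"),
    ("2024-05-01T08:40:00", "192.0.2.10", "example.com", 800, "Mozilla/5.0"),
    ("2024-05-01T09:05:00", "10.0.0.5", "intranet.example", 500, "Mozilla/5.0"),
    ("2024-05-01T13:30:00", "198.51.100.7", "updates.example.net", 4000, "curl/8.5.0"),
    ("2024-05-01T23:10:00", "203.0.113.9", "cdn.example.org", 1500, "updater/0.1"),
]


def host_profile(sessions, fleet_ua_hosts=FLEET_UA_HOSTS, internal=INTERNAL):
    """Compute the Activity Fields values for one host's sessions."""
    if not sessions:
        raise ValueError("no sessions for this host")
    times = sorted(datetime.fromisoformat(s[0]) for s in sessions)
    per_hour = Counter(t.hour for t in times)
    # Only hours that carried traffic are ranked; ties go to the earlier hour.
    busiest = min(per_hour, key=lambda h: (-per_hour[h], h))
    least = min(per_hour, key=lambda h: (per_hour[h], h))
    # Gaps are measured between consecutive session start times only.
    gaps = [(b - a).total_seconds() / 3600 for a, b in zip(times, times[1:])]
    total = sum(s[3] for s in sessions)
    rare = {s[4] for s in sessions if fleet_ua_hosts.get(s[4], 0) <= RARE_UA_MAX_HOSTS}
    external = {s[1] for s in sessions if ip_address(s[1]) not in internal}
    return {
        "Least Busiest Hour": least,
        "Busiest Hour": busiest,
        "Longest No-traffic Period (hours)": round(max(gaps, default=0.0), 2),
        "Total Bandwidth": total,
        "Domain Total": len({s[2] for s in sessions}),
        "Average Bandwidth": total / len(sessions),
        "External IPs": len(external),
        "Rare User-Agents": len(rare),
    }


if __name__ == "__main__":
    print(host_profile(SESSIONS))
```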
Activity Histograms Panel
The Activity Histograms panel displays the Session Size Histogram. This is a vertical histogram that depicts the host activity in blue.
There are two types of histograms:
- Vertical Histogram: The data is depicted as a vertical histogram for an Hours or Session Size Histogram.
- Horizontal Histogram: The data is depicted as a horizontal histogram for a Domains Histogram.
Vertical Histogram
Horizontal Histogram
Activity Heat Maps Panel
The Activity Heat Maps panel displays the HTTPS Requests Overview heat map. The heat map is plotted by day (X-axis) and hour (Y-axis). The count of the activities is computed based on the average of several activities. The color codes displayed for the activities are dynamic and therefore vary. The heat map starts from the start date of the report, which is displayed above the Heading panel. For example, if the activity is high during the 23rd hour of a particular day, the dark blue color code is displayed on the heat map for that hour.
Note: The high rate of activities during a particular period is not indicative of suspicious activity on the host. The color codes only depict the rate of activities during any period.
Activity List Panel
The Activity List panel is displayed based on the percentage of traffic for the field accessed, for example, Daily User Agent Settings and Countries.
View a Host Profile Report
To view a host profile report:
- In the Security Analytics menu, click Reports.
  The Manage tab is displayed.
- Click Warehouse Analytics.
  The Warehouse Analytics view is displayed.
- In the Warehouse Analytics toolbar, click View All Jobs.
  A list of jobs, along with their schedule name and time, is displayed on the View tab.
  Note: If no list is displayed, select a date from the calendar to view a list of jobs.
- Double-click an execution based on the Host Profile model.
  The Host Profile report is displayed.
Next Steps
You can investigate a host profile report.