This topic describes the Host Profile report. The following figure shows the Host Profile report, listing all the suspicious hosts.
The following figure shows the different panels of this view.
The Host Profile Report has the following panels:
- Activity Heading
- Activity Fields
- Activity Histograms
- Activity Heat Maps
- Activity List
Activity Heading Panel
On the Activity Heading panel allows you can view the activity name, IP address, the time the report was generated, along with the start and end date.
Activity Fields Panel
The Activity Fields panel displays the following fields from the Mongo DB database.
Activity Histograms Panel
The Activity Histograms panel displays the Session Size Histogram. This is a vertical histogram which depicts the host activity in blue color.
There are two types of histograms:
- Vertical Histogram: The data is depicted in the form of a vertical histogram in case of an Hours or Session Size Histogram.
- Horizontal Histogram: The data is depicted in the form of an horizontal histogram in case of Domains Histogram.
Activity Heat Maps Panel
The Activity Heat Maps panel displays the HTTPS Requests Overview heat map. The heat map is plotted based on days (X-axis) and hours (Y-axis). The count of the activities is computed based on the average of several activities. The color codes displayed for the activities vary as it is dynamic. The heat map is displayed from the start date of the report which is displayed above the Heading panel. For example, on a particular day on the 23rd hour if the activity is high then the dark blue color code is displayed on the heat map.
Activity List Panel
The Activity List panel is displayed based on the percentage of traffic on the field it accessed. For example, Daily User Agent Settings and Countries.
View a Host Profile Report
To view a host profile report:
In the Security Analytics menu, click Reports.
The Manage tab is displayed.
Click Warehouse Analytics.
The Warehouse Analytics view is displayed.
In the Warehouse Analytics toolbar, click View All Jobs.
A list of jobs along with their schedule name and time are displayed on the View tab.Double-click on an execution based on the Host Profile model.
The Host Profile report is displayed.
You can investigate a host profile report.