Security Overview

The Security Overview displays several charts that highlight data from different perspectives about detections. These charts can help you evaluate the scope of security risks, launch investigations into unusual activity, and mitigate security threats. Detections are analyzed every 30 seconds or every hour, depending on the metric.

Video:See the related training: Security, Network, and Perimeter Overview
Recommended for Triage
This chart shows you a list of detections that ExtraHop is recommending based on contextual analysis of your environment, also known as Smart Triage. Click a detection to view the detection card in Triage view on the Detections page.
Investigations
This chart provides a count of investigations that were created during the selected time interval. The count includes investigations that were recommended by ExtraHop or created by users. Click the chart to view the investigations table on the Detections page.
Detections by Attack Category
This chart provides a quick way to see the types of attacks your network might be at risk for and displays the number of detections that occurred in each category during the selected time interval. Actions on Objective detections are listed by type to help you prioritize the most severe detections. Click any number to open a filtered view of detections that match the selected attack category.
Frequent Offenders
This chart shows the 20 devices or endpoints that acted as offenders in one or more detections. The ExtraHop system considers the number of distinct attack categories and detection types and the risk scores of the detections associated with each device to determine which devices are considered frequent offenders.

The size of the device role icon indicates the number of distinct detection types and the position of the icon indicates the number of distinct attack categories. Click a role icon to view more information about the attack categories and detection types associated with the device. Click the device name to view device properties.

Learn more about network security with the Security Hardening dashboard.

Threat briefings

Threat briefings provide cloud-updated guidance about industry-wide security events. Learn more about threat briefings.

Site selector and Security Operations Report

You can specify the sites you want to view data from on this page. Users with NDR module access can generate a Security Operations Report to share results.

Site Selector
Click the site selector at the top of the page to view data for one or more sites in your environment. View combined traffic across your networks or focus on a single site to help you quickly find device data. The site selector indicates when all or some sites are offline. Because data is not available from offline sites, the charts and device pages associated with offline sites might not show data or might only show limited data. The site selector is only available from a console.
(NDR module only) Security Operations Report
The Security Operations Report contains a summary of the top detections and risks to your network. Click Generate Report to specify the report contents, time interval, and sites to include in the report, then click Generate to create a PDF file. Click Schedule Report to create a Security Operations Report that is emailed to recipients according to the configured frequency.
Last modified 2024-10-25