Security Overview

The Security Overview displays several charts that highlight data from different perspectives about detections. These charts can help you evaluate the scope of security risks, launch investigations into unusual activity, and mitigate security threats. Detections are analyzed every 30 seconds or every hour, depending on the metric.

Site Selector

Click the site selector at the top of the page to view data for one or more sites in your environment. View combined traffic across your networks or focus on a single site to help you quickly find device data. The site selector indicates when all or some sites are offline. Because data is not available from offline sites, the charts and device pages associated with offline sites might not show data or might only show limited data. The site selector is available from Command appliances and Reveal(x) 360 only.

Executive Report

Click Generate Executive Report to create a PDF file. The Executive Report provides a summary of the top detections and risks to your network from the last week. The Executive Report only includes information for the selected sites.

Total Security Detections

This count chart shows you the number of detections that occurred during the selected time interval. By changing the time interval, you can see how many detections occurred for a given time period. Click the number to open the Detections page. Learn more about detections.

Detections by Security Category

This chart provides a quick way to see the types of attacks your network might be at risk for. Click any number to open a filtered view of detections that match the selected security category, and continue your investigation.

Assets with Detections

This count chart shows you the number of detections that occurred on devices that receive Advanced Analysis—the highest level of analysis.

Top Offenders

This chart shows the top 20 devices or endpoints that acted as offenders in one or more detections. The ExtraHop system considers the number of distinct attack categories and detection types and the risk scores of the detections associated with each device to determine which devices are considered top offenders.

The size of the device role icon indicates the number of distinct detection types and the position of the icon indicates the number of distinct attack categories. Click a role icon to view more information about the attack categories and detection types associated with the device. Click the device name to view device properties.

Highest Risk Score

This count chart shows you the number of the highest risk score amongst all of your detections. Click the number to open a filtered view of all detections sorted by risk score.

Detections by Risk Score

This chart shows you a gradient view of how many detections are in each risk level.

Top Detections by Type

This chart shows you a list of detection types, sorted by highest-count. Click the number to open a filtered view of the selected detection. Each detection type summarizes what caused the detection; click the type name to open all detections of that type and begin your investigation.

Learn more about network security with the Security dashboard.