Security Overview

The Security Overview displays several charts that highlight data from different perspectives about detections. These charts can help you evaluate the scope of security risks, launch investigations into unusual activity, and mitigate security threats. Detections are analyzed every 30 seconds or every hour, depending on the metric.

Recommended for Triage

This chart shows you a list of detections that ExtraHop is recommending based on contextual analysis of your environment. Click a detection to view the detection card in Triage view on the Detections page.

Investigations

This chart provides a count of investigations that were created during the selected time interval. The count includes investigations that were recommended by ExtraHop or created by users. Click the chart to view the investigations table on the Detections page.

Detections by Attack Category

This chart provides a quick way to see the types of attacks your network might be at risk for and displays the number of detections that occurred in each category during the selected time interval. Actions on Objective detections are listed by type to help you prioritize the most severe detections. Click any number to open a filtered view of detections that match the selected attack category.

Frequent Offenders

This chart shows the 20 devices or endpoints that acted as offenders in one or more detections. The ExtraHop system considers the number of distinct attack categories and detection types and the risk scores of the detections associated with each device to determine which devices are considered frequent offenders.

The size of the device role icon indicates the number of distinct detection types and the position of the icon indicates the number of distinct attack categories. Click a role icon to view more information about the attack categories and detection types associated with the device. Click the device name to view device properties.

Learn more about network security with the Security Hardening dashboard.