The Security Overview displays several charts that highlight data from different perspectives about detections. These charts can help you evaluate the scope of security risks, launch investigations into unusual activity, and mitigate security threats. Detections are analyzed every 30 seconds or every hour, depending on the metric.
- Recommended for Triage
- This chart shows you a list of detections that ExtraHop is recommending based on contextual analysis of your environment. Click a detection to view the detection card in Triage view on the Detections page.
- Detection Types
- This chart shows you the number of distinct detection types that occurred in the Attack, Hardening, and Operations categories during the selected time interval. By changing the time interval, you can see how many detection types occurred during that time. Click a number to open the Detections page filtered to show detections for each type in the selected detection category.
- Detections by Attack Category
- This chart provides a quick way to see the types of attacks your network might be at risk for and displays the number of detections that occurred in each category during the selected time interval. Actions on Objective detections are listed by type to help you prioritize the most severe detections. Click any number to open a filtered view of detections that match the selected attack category.
- Frequent Offenders
- This chart shows the 20 devices or endpoints that acted as offenders in one or more
detections. The ExtraHop system considers the number of distinct attack categories and
detection types and the risk scores of the detections associated with each device to
determine which devices are considered frequent offenders.
The size of the device role icon indicates the number of distinct detection types and the position of the icon indicates the number of distinct attack categories. Click a role icon to view more information about the attack categories and detection types associated with the device. Click the device name to view device properties.
Learn more about network security with the Security Hardening dashboard.
Threat briefings provide cloud-updated guidance about industry-wide security events. Learn more about threat briefings.
You can specify the sites you want to view data from on this page. Users with NDR module access can generate an executive report to share results.
- Site Selector
- Click the site selector at the top of the page to view data for one or more sites in your environment. View combined traffic across your networks or focus on a single site to help you quickly find device data. The site selector indicates when all or some sites are offline. Because data is not available from offline sites, the charts and device pages associated with offline sites might not show data or might only show limited data. The site selector is only available from a console.
- (NDR module only) Executive Report
- Click Generate Executive Report to create a PDF file. The Executive Report provides a summary of the top detections and risks to your network from the last week. The Executive Report only includes information for the selected sites.