Host Monitoring

In the Reports Portal, select Repository > Standard Content > Foundation > Host Monitoring.

In general, you should consistently monitor host-based events that indicate unauthorized activities. For example, a malicious user or program might start and stop host services and anti-virus programs. Additionally, they might clear the audit log to hide their actions on a host.

To monitor unusual activity that affects hosts, use the following reports:

Dashboards:

  • Host Profile Overview

Reports:

  • Anti-virus Activity

  • Anti-virus Stopped or Paused

  • Audit Log Cleared Events

  • Failed Anti-virus Updates Summary

  • Operating System Errors and Warnings

  • Services Shutdown

  • Services Started

Host Profile Overview

Displays the activity on a specific host. This is a drill-down dashboard that you can open from an IP address or host name shown in a table, bar, or chart, or by entering one in the dashboard search bar. The dashboard requires a valid IP address or host name to show information.

Charts:

  • Inbound Connections

  • Outbound Connections

  • Source Users Associated

  • Destination Users Associated

  • Events Table

Filters:

  • Device Vendor, Product, and Class ID

  • Category Outcome

  • Category Technique

  • Application Protocol

Anti-virus Activity

Reports the volume of activity by reporting anti-virus service. The table provides results by event name, count, affected host, and outcome.

Anti-virus Stopped or Paused

Reports the top IP addresses where an anti-virus service has been stopped or paused. The table provides results by host, service name, and number of events.

Audit Log Cleared

Reports the number of times that the audit log has been cleared by user, host, and date.

Failed Anti-virus Updates Summary

Reports the number of failures in updating anti-virus software by date and host.

Operating Systems Errors and Warnings

Reports the top system errors and warnings by host. You could identify issues associated with specific errors or warnings, such as privileged objects and users, password changes, and login failures. Alternatively, you could sort the table by the reported hosts to review the types of issues affecting each host.

Services Shutdown

Reports the top 10 services that have been shut down in your environment. The table provides a summary of all services, including the associated hosts.

Services Started

Reports the top 10 services that have been started in your environment. The table provides a summary of all services started, including the associated hosts.