Network Detection and Response User Guide – Reports
This section includes the Reports that are included in the Network Detection and Response Module.
Network: Top 10 Domains
Report ID: 954
Shows the top 10 domains in use by bandwidth (bytes out + bytes in). For use with the LogRhythm Network Monitor.
Minimum Log Sources
Firewall or Network Flow Data
Recommended Log Sources
- LogRhythm Network Monitor
- Next-Gen Firewall
Network: Top 10 Applications
Report ID: 955
Shows the top 10 applications in use by bandwidth (bytes out + bytes in). For use with the LogRhythm Network Monitor.
Minimum Log Sources
Next-Gen Firewall
Recommended Log Sources
LogRhythm Network Monitor
Network: Top 10 Hostnames (Impacted)
Report ID: 956
Shows the top 10 hostnames (impacted) by bandwidth (bytes out + bytes in). For use with the LogRhythm Network Monitor.
Minimum Log Sources
Firewall or Network Flow Data
Recommended Log Sources
- LogRhythm Network Monitor
- Next-Gen Firewall
Network: Top 10 Hostnames (Origin)
Report ID: 957
Shows the top 10 hostnames (origin) by bandwidth (bytes out + bytes in). For use with the LogRhythm Network Monitor.
Minimum Log Sources
Firewall or Network Flow Data
Recommended Log Sources
- LogRhythm Network Monitor
- Next-Gen Firewall
Network: Unauthorized/Risky Application Usage
Report ID: 958
Summary of unauthorized/risky applications identified by the LogRhythm Network and defined by the user. To work, populate the Network: Unauthorized/Risky Applications list.
Minimum Log Sources
Next-Gen Firewall
Recommended Log Sources
LogRhythm Network Monitor
Rogue Host Detection Summary
Report ID: 959
Summary of all hostnames picked up by the Rogue Host alarm. For use with the LogRhythm Network Monitor.
Minimum Log Sources
New Network Host AI Engine Rule
Recommended Log Sources
New Network Host AI Engine Rule
Summary Of AI Engine Events
Report ID: 960
Summary of all AI Engine events by day. For use with the LogRhythm Network Monitor.
Minimum Log Sources
Network Security Analytics AI Engine Rules
Recommended Log Sources
Network Security Analytics AI Engine Rules
Top Attackers Summary
Report ID: 1015
Summary of top attackers by Origin-Host.
Minimum Log Sources
Any Security Log Source
Recommended Log Sources
- IDS/IPS
- Firewall
- AV
- Vulnerability Scanners
- Security Devices