Hosts Page

To access the Hosts page:

1. Log in to LogRhythm NDR's new UI.
2. Click Hosts from the sidebar menu.
   The Hosts page displays three tabs: Highlighted Hosts, Host Activity, and All Hosts.
   

Highlighted Hosts Tab

1. Click the Highlighted Hosts tab.
   In this tab, three parallel lists (Watched Hosts, Critical Hosts, and Notable Hosts) are available where we can search for specific entries from the lists.
   If an entry from the Watched Hosts, Critical Hosts, and Notable Hosts is selected, the Host Details page appears where details such as host score, cases, and host details are available.
   A host entry can be tagged as a Critical Host and Watched Host by clicking the Watched/Critical button available in each host entry.

Host Activity Tab

1. Click the Host Activity tab.
   A bar chart is available that represents the host's activity and the bar chart's legend also classifies the host's activity when you click on it.
   A host activity table is available below the bar chart where the activities of the host are listed with information such as Time, Activity, Entry Origin, and Entry UUID.
   

2. To view more activity, click the Date Range/Time picker drop-down menu option available next to the Search field at the top-right of the page.

3. To export the host details, click the Export icon.

4. To add or remove column headers, click the Show Columns icon.

5. Click the column headers in the table to sort the table entries in the ascending or descending order.
   

6. To filter the columns, click the Column filter toggle icon.
   

7. To expand the two tabs, Details & Raw Data (JSON), click the host activity entry.
   The Details tab contains preliminary data such as Created at, Date, Entry Origin, and Entry UUID.
   The Raw Data (JSON) contains these details and more in the JSON format.
   

All Hosts Tab

1. Click the All Hosts tab.
   A list of hosts with information such as Entry UUID, Tag, Score, and Critical are presented.

2. Click the column headers in the table to sort the table entries in the ascending/descending order.

3. To view host details, click anywhere on the host row.
   The Host Details page displays the Activity Timeline Graph, Activity Chart, and Activity Table.

4. To get raw data pertaining to each host, click the host entry row.

5. To add or remove column headers, click the Show Columns icon.

6. To export the host details, click the Export icon.

7. To filter hosts, click the Show/Hide Column filters and select your filter parameters.

8. To see the list of total number of IOAs, click IOA.
   

   

   You can also access case-events page from the IOA list.