
Hunt with Discover

  1. Log in to the LogRhythm NDR UI.
  2. Click the Hunt tab. In the drop-down menu, click Activity.
    The Activity page appears, displaying various logs and events in the table. By default, the legends and events for the last one (1) hour are shown.
  3. To display the aggregated logs for DNS, DHCP, hosts, users, etc., click the Discover icon.
    For example: 
    1. Select Host.
      The host drop-down menu appears, listing fields such as host_uuid, src, Host, Name, Mac, etc.
    2. Click the visualize icon next to host in the sublist.
      The host count at each interval appears. All logs that are aggregated to different hosts in the last one (1) hour are displayed.
  4. To display aggregated logs of different fields, click the Discover icon.  
  5. Select host in the drop-down menu, and then click the add filter icon next to host in the sublist.
    The Value based Filters & Aggregations pop-up box appears.
  6. Click the add icon next to the filter you want to add. 
    For example:
    1. Click the add icon next to repo.saltstack.com.
      Only the logs linked to the host repo.saltstack.com appear in the graph.
    2. Add other filters in the Discover drop-down list in the same way.