Monitor Hosts

In addition to responding to incidents, analysts can also monitor and research activities associated with specific hosts.

To monitor hosts:

  1. In the main menu, click the Hosts tab, and then click Highlighted Hosts.
    The Highlighted Hosts screen appears.

    Highlighted hosts are organized into three columns:

    | Column Name | Column Description |
    | --- | --- |
    | Notable Hosts | Hosts that have the highest score. |
    | Watched Hosts | Hosts manually marked as watched because of a potential compromise or because they have exhibited suspicious behavior. |
    | Critical Hosts | Hosts that need to be monitored more closely because they are critical to the organization. |


  2. To view the details of a specific host, click the Host ID.
    The Host Details screen appears.
    The table below lists the sections displayed on the Host Details screen with the location and a brief description.

    | Section | Location | Description |
    | --- | --- | --- |
    | Host Directory and Host Score | Upper left-side | Contains details about the host. Also shows the host's LogRhythm NDR severity score and number of incidents associated with the host. |
    | Host Score Time Chart | Upper right-side | Displays the host's score progression over time. |
    | Host Activity | Lower half | Contains a graph of the host's security events over time and a searchable list of the host's activity. |