Daily Host Alerts Report: Hosts Accessed by Users

by David Schwalenberg
January 8, 2014

This report presents a list of all users and the hosts they have accessed in the last 5 days, as recorded by Daily_Host_Alert events. The LCE event Daily_Host_Alert generates, once per day, an alert the first time an event from a local host (such as a DNS lookup or LCE client connect) is seen. 

This report can be used to verify that users are only accessing hosts that they are authorized to access.

Note that this report might be very long (hundreds of pages), depending on the number of systems and users on the network. Consider modifying the iterator in the report definition and filtering on an asset to produce a more specific and more manageable report.

 The report is available in the SecurityCenter 4.7 Report app feed, an app store of dashboards, reports, and assets.  The report requirements are:

  • SecurityCenter 4.7
  • LCE 4.2.1