Daily Host Alerts Report: Hosts Accessed by Users

by David Schwalenberg
January 8, 2014

This report presents a list of all users and the hosts they have accessed in the last 5 days, as recorded by Daily_Host_Alert events. The LCE event Daily_Host_Alert generates, once per day, an alert the first time an event from a local host (such as a DNS lookup or LCE client connect) is seen. 

This report can be used to verify that users are only accessing hosts that they are authorized to access.

Note that this report might be very long (hundreds of pages), depending on the number of systems and users on the network. Consider modifying the iterator in the report definition and filtering on an asset to produce a more specific and more manageable report.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:

  • SecurityCenter 4.7
  • LCE 4.2.1