Daily Host Alerts Report: Users Accessing Hosts

by David Schwalenberg
January 15, 2014

This report presents a list of all hosts and the users that have accessed them in the last 5 days, as recorded by Daily_Host_Alert events. The LCE event Daily_Host_Alert generates, once per day, an alert the first time an event from a local host (such as a DNS lookup or LCE client connect) is seen.

This report can be used to verify that hosts are being accessing only by users that are authorized to access them.

Note that this report might be very long (hundreds of pages), depending on the number of systems and users on the network. Consider modifying the iterator in the report definition and filtering on an asset to produce a more specific and more manageable report.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:

  • SecurityCenter 4.7
  • LCE 4.2.1