Managing hosts in Command Center

Overview

The Hosts view in Command Center enables you to view real time Internet activity of host devices on your networks. You can select one or more appliances connected to your account to view all active hosts on those networks. By selecting a host, you can view its active sessions and all URLs the host is currently visiting. 

If you use Malwarebytes Endpoint Security software, you can view additional host details by integrating with the Malwarebytes Cloud Management system. See Managing Endpoints Via Malwarebytes Integration for more details.

Viewing hosts by appliance

To view active hosts on a network, locate the Appliances list and select one or more appliances. The Hosts table displays details about each host associated with the selected appliances.

hosts-view.png

The available details for each host include:

  • Appliance
  • Hostname
  • UID
  • Username
  • IP address
  • Mac Address
  • Mac Address vendor
  • Operating System
  • Quota and Quota usage
  • License entitlement
  • Date creation
  • Date updated

You can hide columns, sort, or filter any of the details by clicking the arrow to the right of each column and choosing an action.

Screen_Shot_2018-11-29_at_10.45.34_AM.png

Summary

By selecting a host, you can view a summary of the host in the Host Details panel at the bottom. The summary includes the same information as the details in the hosts table.

Screen_Shot_2019-01-17_at_2.17.46_PM.png

Sessions

At the bottom of the Host Details panel you can click Sessions to view all active sessions from that host. 

Screen_Shot_2019-01-17_at_2.35.10_PM.png

The available details for each session include:

  • Timestamp
  • Protocol
  • Hostname
  • Client Port
  • Server
  • Server Port
  • Server Country
  • End Time
  • License entitlement
  • Bypass
  • Tags

You can hide columns and sort any of the details by clicking the arrow to the right of each column and choosing an action.

Web Events

By clicking Web Events you can view all URLs currently visited by the selected host.

Screen_Shot_2019-01-17_at_2.31.38_PM.png

The available details for each web event include:

  • Timestamp
  • Hostname
  • Client Port
  • Server
  • Server Port
  • Domain
  • Host
  • URI
  • Method
  • Category
  • Blocked
  • Flagged
  • Reason

You can hide columns and sort any of the details by clicking the arrow to the right of each column and choosing an action.

Applications

By clicking Applications you can view all the web applications currently accessing the Internet from the selected host. 

Screen_Shot_2019-01-17_at_2.11.50_PM.png

The available details for each application connection include:

  • Server - The IP address of the remote server.
  • Server Country - The inferred location of the remote server base on IP address.
  • Application - The detected application based on the connection characteristics.
  • Category - The application category.
  • Confidence - A confidence level related to the accuracy of the detection.
  • Details - Identifiable metadata associated with the network traffic.
  • Sent - The amount of transferred data during the connection.
  • Received - The amount of received data during the connection.
  • Total - The total volume of transferred data during the connection.
  • Is Bypassed - Whether the connection was excluded from app management.
  • Is Blocked - Whether the connection was blocked.
  • Is Flagged - Whether the connection was flagged.
  • Tags - Any tags that may be associated with the connection.

Port Scan

Included in the Host Details panel is a Port Scan option. By clicking Port Scan, the appliance performs an NMAP scan on the host to identify if it has any ports exposed to the network.

Screen_Shot_2018-11-29_at_12.50.13_PM.png

Follow
Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk