Monitors: Summary tab
The Summary tab on the Monitors page displays concise, high-level summaries of important log data to give you an immediate picture of security status. All summaries display events for the time period that you configure for the Home page in the Preferences dialog box. The default value is to display events for the last 12 hours.
You can click any chart to see more details about the summaries in a new window.
Top Machines with Deception Activity
Displays the top client computers that get hit by attacker activity, as indicated by events from deceptors on the given computers.
A deceptor consists of artifacts such as files that are delivered to client computers. When an attacker touches an artifact, the artifact triggers an event. By design, the artifacts are hidden from the everyday user, but are interesting to an intruder.
Top Processes with Deception Activity
Displays the caller processes that attackers use to trigger deception events. For example, if ping.exe was used to trigger the Network Lookup (DNS) Deceptor, then ping.exe is the caller process.
Top Users with Deception Activity
Displays the users that get hit by attacker activity the most, based on events from deceptors on the client computers the users use.
Top Deceptors Triggered
Displays the deceptors that were touched the most.
Displays the overall distribution of risks.
Displays a table of newly found risks, the entity that detected them, and the computer that they were found on. A new risk is a risk that has been detected for the first time during the view's time period. As the summary view ages, the risks drop out of the list as the database purges log entries.
You can configure the time period that is used for the summaries from the Home page in the
For example, suppose that you set your time period to the past 24 hours and your database to retain entries for 2 months. If the XYZ risk was last detected 6 months ago, it no longer has an entry in the database. If Symantec Endpoint Protection detects XYZ within the past 24 hours, it appears here as a new risk.
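The effect of log retention on what counts as a new risk, as an added example that is not part of the original page and is not the product's own code. It is a simplified Python model; the function name, the tuple layout, and the sample detections are constructed assumptions.

```python
from datetime import datetime, timedelta

def new_risks(detections, now, view_period, retention):
    """Return risks whose earliest *retained* detection is inside the view period.

    detections: iterable of (risk_name, computer, detected_at) tuples.
    Entries older than `retention` are treated as purged from the database,
    so they cannot prove that a risk was seen before.
    """
    oldest_kept = now - retention
    view_start = now - view_period
    first_seen = {}
    for risk, _computer, detected_at in detections:
        if detected_at < oldest_kept or detected_at > now:
            continue  # purged (or out of range): invisible to the summary
        if risk not in first_seen or detected_at < first_seen[risk]:
            first_seen[risk] = detected_at
    return sorted(r for r, ts in first_seen.items() if ts >= view_start)

# Constructed sample log, mirroring the XYZ scenario described above.
NOW = datetime(2024, 6, 1, 12, 0)
SAMPLE = [
    ("XYZ", "PC-01", NOW - timedelta(days=180)),  # about 6 months ago
    ("XYZ", "PC-02", NOW - timedelta(hours=3)),   # re-detected today
    ("ABC", "PC-03", NOW - timedelta(days=10)),   # still retained
    ("ABC", "PC-03", NOW - timedelta(hours=1)),   # seen again today
]

def with_two_month_retention():
    # The old XYZ entry is purged, so today's hit looks like a first detection.
    return new_risks(SAMPLE, NOW, timedelta(hours=24), timedelta(days=60))

def with_one_year_retention():
    # The old XYZ entry is still in the database, so XYZ is not new.
    return new_risks(SAMPLE, NOW, timedelta(hours=24), timedelta(days=365))

if __name__ == "__main__":
    print("2-month retention:", with_two_month_retention())
    print("1-year retention: ", with_one_year_retention())
```

When triaging this table, compare the retention setting with the first-seen date in any longer-lived log store before treating an entry as a first occurrence.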
Displays the distribution of SONAR threats that have been found.
Risk Distribution by Source
Displays a summary of the risk distribution by the source of the risk.
Risk Distribution by Group
Displays a summary of the risk distribution by the groups.
Top Targets Attacked by Subnet
Displays a summary of the top targets that have been attacked. You can select from the list box to organize the targets by groups, subnets, clients, or ports.
You can click the pie chart to see more details in a new window.
Attack Event Types
Displays a summary of the types of security events that have occurred.
Top Sources of Attack
Displays a summary of the top sources of the attacks.
Memory Exploit Mitigation Detections
Displays a summary of the Memory Exploit Mitigation events.
Security Events by Severity
Displays the distribution of events by severity: Critical, Major, Minor, and Informational.
Compliance Status Distribution
Displays the clients that have failed the Host Integrity check that runs on their computer.
Clients by Compliance Failure Summary
Displays the failure rate of the overall requirement. For example, it displays, as a bar chart, a count of the unique workstations by the type of control failure event, such as antivirus, firewall, or VPN.
Compliance Failure Details
Displays the failure rate of the individual checks that comprise a Host Integrity requirement. Provides more details than the Clients by Compliance Failure Summary. For example, it displays the clients that do not have antivirus installed separately from those that have out-of-date virus definitions.
Displays the overall security health status of the site. You can click the status to see the full site status report.
Top Error Generators By Server
Displays a summary of the top servers that generated errors and warnings.
Top Error Generators By Client
Displays a summary of the top clients that generated errors and warnings.
Replication Failures Over Time
Displays a summary of the database replication failures that have occurred during the configured time period.