Perception Update - Statistics Dashboard

A new user dashboard displaying global statistics for the monitored network.

This feature provides the analyst with high-level information relating to the monitored network.  This enables them to spot unusual activity at the global scale and perform more detailed analysis on the individual hosts involved.

Threat analysis often comes down to using the time and resources available wisely to give you the best chance of finding something malicious or vulnerable.  Perception has always been specifically designed to help analysts focus on what’s important, so having a visual aid to help draw the analyst’s attention to certain aspects of a network is incredibly important.

The statistics dashboard itself is split into two halves: the left looks at the last hour, and the right looks at the previous 24 hours.  The data shown includes types of behaviour, frequency of behaviours, particularly noisy hosts, and the least common destinations outside of the network.  This interface is designed to help focus the analyst on hosts without having to jump out to a SIEM tool, saving valuable time and increasing Perception’s ease of use.

Phil Andreotti, Head of Perception Service, said, “I typically switch between the events view, the ForensicAI view, and the statistics dashboard.  The statistics dashboard can show me exactly which boxes are demonstrating multiple types of a single behaviour, or multiple different types of behaviour which in certain combinations can be malicious.  Using this information I can quickly check up on a host to make sure the activity is legitimate before going on with the rest of my tasks.  The information about least common destinations outside of the network can immediately point me towards a host that is communicating with an unusual IP address, which can help pick out malicious behaviour limited to a single machine.”

This update is SOC-based, and is now actively in use by all analysts working on monitored customers.  Self-monitored customers can update their own SOC boxes using the software upgrade process, and read the user guide to understand how best to make use of the statistics dashboard.  If you have any further questions about this upgrade, please contact us at