Using Reports and Analytics

Overview of Basic Reports

Basic reports provide a snapshot of key network activities and security events. These foundational reports help teams monitor ongoing network health and identify areas requiring attention.

  • Threat Summary – An outline of identified threats within the network.
  • Hostname Leakage Summary – A report on potential hostname exposures.
  • Attack Surface and Matrix Summaries – Insights into network vulnerabilities and exposure.
  • Endpoint Inventory – A detailed list of all network-connected devices.
  • Risk Report – An assessment of the network’s overall risk profile.

Exporting Data to Spreadsheets

For deeper analysis and collaboration, data from reports can be exported as spreadsheets. Exporting data helps teams share findings effectively and conduct extended analyses that go beyond the standard reporting framework. Spreadsheet exports are ideal for:

  • Custom Analyses – Conduct in-depth reviews or apply specialized metrics.
  • Trend Tracking – Observe patterns over time and track improvements or risks.
  • Integration – Use report data in other security management or analytics tools.

Threat Summary

The threat summary shows which endpoints have tried to communicate with unused addresses, also called the dark space. The summary includes the hostname and IP address of each threat, the unused address the threat tried to contact, and the first and last time the threat was heard from.

Reporting on Hostname Leakage

Hostname leakage reports detect instances where internal hostname information may be visible to a malicious actor. This information can potentially expose sensitive network details, making it critical to identify and address any leaks. These reports enable administrators to quickly locate and remediate hostname exposure to minimize the risk of targeted attacks.

Reporting on the Attack Surface

The attack surface report identifies areas where the endpoints may be vulnerable, outlining:

  • Vulnerable Endpoints – Devices that could be targeted by attackers.
  • Exposed Services – Accessible services that could be exploited.

As a rule, you should turn off, disable, or block communications to any services that you do not need. The only services that should be exposed are services you understand and control yourself.

Endpoint Inventory

The endpoint inventory report provides a detailed list of all devices connected to the network. For each endpoint you can see what segment it is attached to (identified by Rcore), the hostname, the IP address, the MAC address, the OUI, and when the device was first and last heard from.

This inventory is crucial for asset tracking, verifying compliance, and identifying any unauthorized or high-risk devices. The endpoint inventory can be part of your IT property management procedures.
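
One way to use an exported endpoint inventory for this, as an added example that is not Ridgeback's own code: it compares the export with an asset register and lists devices that are unregistered or attached to a segment other than the approved one. The column names, the sample rows, and the register are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample of an exported endpoint inventory. The column names are
# assumptions; match them to the header row of your own export.
INVENTORY_CSV = """rcore,hostname,ip,mac,oui,first_seen,last_seen
core-a,ws-014,10.0.1.14,00:11:22:AA:BB:01,ExampleCorp,2024-03-01T08:00:00,2024-06-01T17:00:00
core-a,printer-2,10.0.1.50,00-11-22-aa-bb-02,ExampleCorp,2024-03-01T08:05:00,2024-06-01T16:00:00
core-b,,10.0.2.77,66:77:88:CC:DD:03,,2024-05-30T23:10:00,2024-06-01T02:00:00
core-b,ws-020,10.0.2.20,00:11:22:AA:BB:04,ExampleCorp,2024-03-02T09:00:00,2024-06-01T17:30:00
"""

# Constructed asset register: MAC address -> segment the device is approved on.
APPROVED = {
    "00:11:22:aa:bb:01": "core-a",
    "00:11:22:aa:bb:02": "core-a",
    "00:11:22:aa:bb:04": "core-a",
}

def normalize_mac(mac):
    """Reduce a MAC to lowercase colon-separated form so formats compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def review_inventory(csv_text, approved):
    """Return (findings, missing): rows needing follow-up, and registered MACs not seen."""
    approved = {normalize_mac(m): seg for m, seg in approved.items()}
    findings = []
    seen = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = normalize_mac(row["mac"])
        seen.add(mac)
        if mac not in approved:
            findings.append(("unregistered", row))
        elif approved[mac] != row["rcore"]:
            findings.append(("wrong-segment", row))
    missing = sorted(set(approved) - seen)
    return findings, missing

if __name__ == "__main__":
    findings, missing = review_inventory(INVENTORY_CSV, APPROVED)
    for kind, row in findings:
        print(kind, row["rcore"], row["ip"], row["mac"], row["hostname"] or "(no hostname)")
    for mac in missing:
        print("registered-but-not-seen", mac)
```

Registered devices that never appear in the export are returned separately, since a missing asset is a different follow-up from an unknown one.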

Ridgeback Risk Report

The Ridgeback Risk Report delivers a view of the network’s security posture. The report shows exposure, complexity, capacity, endpoint exposure distribution, endpoint complexity distribution, endpoint load, service load, and link load.

Exposure refers to the level of vulnerability to adverse events, such as hacking, equipment failures, and misconfigurations. Identifying and addressing hygiene concerns and misconfigurations can reduce the opportunities adversaries have to evade detection.

Complexity reflects the balance between efficiency and fragility. Increased complexity can raise the cost of maintenance and upgrades. By managing complexity, you can simplify the implementation of security measures, better isolate sensitive data, and more effectively contain potential breaches.

Capacity represents the overall scale of a network. It's crucial to monitor all endpoints and services in use to carefully manage and limit the connections and processes that could be susceptible to exploitation.

For the risk report to work, you need to enable both phantoms and the surface service.