Real Time Host Discovery
As you may have noticed we gather quite a bit of information about the hosts running on your network such as OS type, DNS, HTTP agents, DNS, etc. This information is available on the assets report or as a mouse-over when you hover any of the hosts in the HOME_NET. Unfortunately, some of this host information changes very rapidly and it is hard to correlate with specific events. For example a single host may be using many agents or a proxy may show many OS types. Also DHCP information will show that the same IP may have multiple MAC addresses.
For this reason we added the latest host information to the BotHunter, Tracker and Network Antivirus reports to tell you what specific host information was available precisely at the time of the incident. We are still looking for other improvements, if you have any suggestions, please do not hesitate to send us email at firstname.lastname@example.org.