Each Outlier Analytics model includes the following charts:
Compares anomaly scores of the top anomalous hosts for one week from the specified End time.
Use this chart if you suspect a lateral attack. To view details about the score for a specific date and hour, hover over the corresponding area in the chart.
Shows the anomaly score for the host that you selected for two weeks from the specified End time.
If you suspect that a host is under attack (for example, from exfiltration malware), use this chart to study the behavior of the IP address over time and identify anomalous patterns. To view details about a data point, hover over it.
Compares the anomaly score for the host that you selected to the top 30 hosts for the anomaly hour.
If you suspect that a network is under attack (for example, a denial of service attack), use this chart to study the behavior of other top 30 hosts during the anomaly hour. To view more details, hover over a bar in the chart, click and drag to move within the chart, and double-click to reset it to its default view.