Select Insights > Outliers.
Specify the outlier metric that you want to view: EventCount, BytesIn, or BytesOut.
For the search query, specify any of the following criteria that you want to apply to the data:
Base Event Count Score of
Bytes In Score of <Model_Name>
Bytes Out Score of <Model_Name>
Source Address of <Model_Name>
Start Time of <Model_Name>
Select Detect.
Specify a valid time range for which to view the scored data.
Time range selector displays the valid date range in the date selection area to ensure that you specify a valid date range. Scoring data is performed hourly so the time range for detection is in an hourly format (YYYY-MM-DD HH). End time hour is inclusive. If the end time is 2019-05-21 05, the scoring data from 2019-05-21 05:00-06:00 will be included. To help you select time range for detection, the time range selector displays Score Available Range.
Wait while Outlier Analytics processes the request and generates the Top Anomalous Hosts table and the Outlier Scores History.
CAUTION:If Outlier Analytics retrieves a large amount of data, the search might pause. You must allow the feature to populate the Top Anomalous Hosts table before you select the Play button to resume the search. Otherwise, the table will not be displayed.
(Optional) To generate the remaining charts, select a row in the Top Anomalous Hosts table.
(Optional) To use the filter action in your investigation, complete the following steps:
Right-click a row in the grid.
Select Search for <IP_Address>.