Report on Hosts
This tool allows you to generate a report on the breakdown of a value present on the Hosts returned by your query. For example, to generate a report on ports seen on Hosts with HTTP services, you could query for `services.service_name: HTTP` and then generate a report on the breakdown of the field `services.port`.
Report for Hosts
services.service_name | services | Percentage |
---|---|---|
HTTP | 7,370 | 48.52% |
MODBUS | 2,681 | 17.65% |
CODESYS | 951 | 6.26% |
UNKNOWN | 825 | 5.43% |
IEC60870_5_104 | 694 | 4.57% |
S7 | 461 | 3.03% |
SSH | 384 | 2.53% |
IKE | 306 | 2.01% |
L2TP | 298 | 1.96% |
TELNET | 231 | 1.52% |
VNC | 221 | 1.45% |
FTP | 178 | 1.17% |
NTP | 128 | 0.84% |
DNS | 55 | 0.36% |
RTSP | 50 | 0.33% |
SNMP | 44 | 0.29% |
FOX | 40 | 0.26% |
HIKVISION | 35 | 0.23% |
SMTP | 33 | 0.22% |
PPTP | 28 | 0.18% |
EIP | 23 | 0.15% |
PCWORX | 18 | 0.12% |
OPENVPN | 17 | 0.11% |
PORTMAP | 13 | 0.09% |
DCERPC | 12 | 0.08% |
NETBIOS | 12 | 0.08% |
CWMP | 9 | 0.06% |
BACNET | 7 | 0.05% |
DNP3 | 7 | 0.05% |
TFTP | 7 | 0.05% |
RDP | 5 | 0.03% |
DIGI | 4 | 0.03% |
MMS | 4 | 0.03% |
SIP | 4 | 0.03% |
ATG | 3 | 0.02% |
FINS | 3 | 0.02% |
FORTIGUARD | 3 | 0.02% |
MDNS | 3 | 0.02% |
MIKROTIK_BW | 3 | 0.02% |
SMB | 3 | 0.02% |
ICAP | 2 | 0.01% |
MSMQ | 2 | 0.01% |
MYSQL | 2 | 0.01% |
OPC_UA | 2 | 0.01% |
POSTGRES | 2 | 0.01% |
ECHO | 1 | 0.01% |
GE_SRTP | 1 | 0.01% |
IPMI | 1 | 0.01% |
MQTT | 1 | 0.01% |
MSSQL | 1 | 0.01% |
Remaining Results | 2 | 0.01% |
Total | 15,190 | 100.0% |
JSON Report
{
"query": "(not services.truncated: true and services.service_name: {ATG, BACNET, CITRIX, CODESYS, DIGI, DNP3, EIP, FINS, FOX, GE_SRTP, IEC61850_5_104, MODBUS, PCWORX, PRO_CON_OS, S7, WDRPC}) and location.city=`Istanbul`",
"field": "services.service_name",
"total": 15190,
"duration": 47,
"total_omitted": 2,
"potential_deviation": 0,
"buckets": [
{
"key": "HTTP",
"count": 7370
},
{
"key": "MODBUS",
"count": 2681
},
{
"key": "CODESYS",
"count": 951
},
{
"key": "UNKNOWN",
"count": 825
},
{
"key": "IEC60870_5_104",
"count": 694
},
{
"key": "S7",
"count": 461
},
{
"key": "SSH",
"count": 384
},
{
"key": "IKE",
"count": 306
},
{
"key": "L2TP",
"count": 298
},
{
"key": "TELNET",
"count": 231
},
{
"key": "VNC",
"count": 221
},
{
"key": "FTP",
"count": 178
},
{
"key": "NTP",
"count": 128
},
{
"key": "DNS",
"count": 55
},
{
"key": "RTSP",
"count": 50
},
{
"key": "SNMP",
"count": 44
},
{
"key": "FOX",
"count": 40
},
{
"key": "HIKVISION",
"count": 35
},
{
"key": "SMTP",
"count": 33
},
{
"key": "PPTP",
"count": 28
},
{
"key": "EIP",
"count": 23
},
{
"key": "PCWORX",
"count": 18
},
{
"key": "OPENVPN",
"count": 17
},
{
"key": "PORTMAP",
"count": 13
},
{
"key": "DCERPC",
"count": 12
},
{
"key": "NETBIOS",
"count": 12
},
{
"key": "CWMP",
"count": 9
},
{
"key": "BACNET",
"count": 7
},
{
"key": "DNP3",
"count": 7
},
{
"key": "TFTP",
"count": 7
},
{
"key": "RDP",
"count": 5
},
{
"key": "DIGI",
"count": 4
},
{
"key": "MMS",
"count": 4
},
{
"key": "SIP",
"count": 4
},
{
"key": "ATG",
"count": 3
},
{
"key": "FINS",
"count": 3
},
{
"key": "FORTIGUARD",
"count": 3
},
{
"key": "MDNS",
"count": 3
},
{
"key": "MIKROTIK_BW",
"count": 3
},
{
"key": "SMB",
"count": 3
},
{
"key": "ICAP",
"count": 2
},
{
"key": "MSMQ",
"count": 2
},
{
"key": "MYSQL",
"count": 2
},
{
"key": "OPC_UA",
"count": 2
},
{
"key": "POSTGRES",
"count": 2
},
{
"key": "ECHO",
"count": 1
},
{
"key": "GE_SRTP",
"count": 1
},
{
"key": "IPMI",
"count": 1
},
{
"key": "MQTT",
"count": 1
},
{
"key": "MSSQL",
"count": 1
}
]
}