Initial Home

Overview

Purpose: The Initial Home dashboard provides a high-level overview of network activity, flow analysis, DNS queries, and detection alerts. It helps network administrators monitor essential traffic patterns, identify top communicators in the network, and respond to security alerts based on priority.

Components: The dashboard includes the following visualizations:

  • Netflow/sFlow
  • Cloud Flow
  • DNS Records
  • Top Flow Accounts
  • Top DNS Accounts
  • Top Talkers
  • Top Conversations (Egress and Lateral)
  • Top Service Ports
  • Top AS Info by Destination
  • Top Geolocations by Destination
  • Top Protocols
  • DNS Query Cardinality
  • DNS: Top External Domains
  • DNS: Top Cloud Services Requested
  • Events
  • Detection Asset Locations
  • Detections

Getting Here

  1. From the main menu, go to Dashboards > All.
  2. Select the System tab from the top navigation.
  3. Click on Initial Home.

Main Points

Usage Scenarios: This dashboard is valuable for gaining insights into overall network health, identifying top sources and destinations of traffic, monitoring DNS requests, and responding to prioritized security alerts.

Best Practices: Regularly monitor the top talkers, conversations, and DNS activity to identify unusual patterns. Use the detection alerts and event counts to prioritize responses to potential security threats.

Charts

Netflow/sFlow

Description: A line chart showing flow rate from Netflow or sFlow data sources over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Flow rate in packets per second (pps).

Usage: Helps track overall network traffic captured by Netflow/sFlow sources, aiding in performance monitoring.

Cloud Flow

Description: A line chart representing flow rate for cloud network traffic over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Flow rate in packets per second (pps).

Usage: Useful for monitoring traffic within cloud environments, which may indicate load or performance trends.

DNS Records

Description: A line chart showing DNS query rates over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: DNS query rate.

Usage: Tracks DNS query activity, helping to identify spikes or unusual query patterns.

Top Flow Accounts

Description: A bar chart showing the top flow accounts by traffic volume.

Key Elements:

  • Bars: Each bar represents an account, with length indicating flow volume.

Usage: Helps identify which accounts are generating the most flow traffic in the network.

Top DNS Accounts

Description: A bar chart displaying the top DNS accounts based on query activity.

Key Elements:

  • Bars: Represent DNS accounts, with length indicating query volume.

Usage: Useful for monitoring DNS activity by account, identifying high-query accounts for further analysis.

Top Talkers

Top Conversations - Egress

Description: A bar chart showing the top egress conversations by traffic volume.

Key Elements:

  • Bars: Each bar represents a conversation, with length indicating traffic volume.

Usage: Identifies the top sources of outgoing (north-south) traffic, useful for monitoring network usage.

Top Conversations - Lateral

Description: A bar chart representing lateral conversations within the network.

Key Elements:

  • Bars: Each bar indicates a conversation, showing lateral traffic volumes.

Usage: Helps identify top internal conversations, useful for monitoring east-west traffic.

Top Service Ports

Description: A pie chart displaying traffic volume by service port.

Key Elements:

  • Segments: Each segment represents a service port, with size indicating traffic volume.

Usage: Useful for identifying high-traffic ports, aiding in security monitoring.

Top AS Info by Destination

Description: A pie chart representing top destination Autonomous Systems (AS).

Key Elements:

  • Segments: Each segment represents a destination AS.

Usage: Monitors traffic distribution across different AS destinations.

Top Geolocations by Destination

Description: A pie chart showing traffic by destination geolocation.

Key Elements:

  • Segments: Each segment represents a country, showing the geographic distribution of traffic.

Usage: Provides insight into the geographic destinations of traffic.

Top Protocols

Description: A pie chart representing traffic volume by protocol type.

Key Elements:

  • Segments: Each segment represents a protocol (e.g., TCP, UDP).

Usage: Helps in identifying commonly used protocols within network traffic.

DNS Query Cardinality

Description: A line chart showing the number of unique DNS queries (cardinality) over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Unique DNS queries.

Usage: Useful for identifying DNS query diversity, which may indicate anomalous behavior.
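The egress/lateral split behind the Top Conversations charts and the per-bucket count behind DNS Query Cardinality, as an added example that is not part of this documentation or the product; the flow and DNS records are constructed, and the RFC 1918 "internal" definition and the one-minute bucket size are assumptions.

```python
# Added example, not product code: recompute two of the dashboard's metrics
# from constructed records. Field layouts and the "internal" address ranges
# are assumptions; adjust RFC1918 to the site's own address plan.
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample flow records: (src, dst, bytes). Not real traffic.
FLOWS = [
    ("10.0.0.5", "10.0.0.9", 5000),       # internal -> internal (lateral)
    ("10.0.0.9", "10.0.0.5", 1200),       # reverse direction of the same pair
    ("10.0.0.5", "203.0.113.7", 90000),   # internal -> external (egress)
    ("10.0.0.8", "203.0.113.7", 40000),
    ("10.0.0.5", "198.51.100.2", 15000),
    ("10.0.1.20", "10.0.0.5", 7000),
]

# Constructed DNS query log: (epoch_seconds, query_name).
DNS_QUERIES = [
    (0, "example.com"), (10, "EXAMPLE.com"), (20, "cdn.example.net"),
    (70, "a1.example.org"), (75, "a2.example.org"), (80, "a3.example.org"),
    (85, "a4.example.org"),
]

# Assumed definition of "inside the network": RFC 1918 space only.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)


def top_conversations(flows, kind: str, n: int = 3):
    """Rank conversations by bytes, keeping only 'egress' or 'lateral' flows.

    Lateral = both endpoints internal (east-west), folded into one unordered
    pair so both directions count together. Egress = internal -> external,
    kept directional so the internal source is visible.
    """
    totals = Counter()
    for src, dst, nbytes in flows:
        src_in, dst_in = is_internal(src), is_internal(dst)
        if kind == "lateral" and src_in and dst_in:
            totals[frozenset((src, dst))] += nbytes
        elif kind == "egress" and src_in and not dst_in:
            totals[(src, dst)] += nbytes
    return totals.most_common(n)


def dns_query_cardinality(queries, bucket_seconds: int = 60):
    """Distinct (case-folded) query names per time bucket: the chart's Y value."""
    names = defaultdict(set)
    for ts, qname in queries:
        names[ts // bucket_seconds * bucket_seconds].add(qname.lower())
    return {bucket: len(s) for bucket, s in sorted(names.items())}
```

A jump in the cardinality series with a flat query rate (many distinct names, few repeats) is the "query diversity" signal the chart description refers to.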

DNS: Top External Domains

Description: A bar chart showing the most queried external domains.

Key Elements:

  • Bars: Each bar represents an external domain.

Usage: Identifies top external DNS queries, helpful for monitoring traffic to external domains.

DNS: Top Cloud Services Requested

Description: A pie chart displaying the top cloud services queried.

Key Elements:

  • Segments: Each segment represents a cloud service.

Usage: Provides insights into cloud service usage within DNS traffic.

Events

High, Medium, Low Priority Issues

Description: Displays the count of detection issues categorized by priority.

Key Elements:

  • Counts: Shows the number of high, medium, and low priority issues.

Usage: Monitor this section to prioritize responses to detection issues.

Detection Asset Locations

Description: A map showing the locations of detection assets.

Key Elements:

  • Map Points: Each point represents a location with an associated issue.

Usage: Helps visualize the geographic distribution of detection assets and their associated issues.

Detections

Description: A table providing details of recent detections, including timestamp, severity, traffic type, and alert type.

Key Elements:

  • Columns: Detailed information about each detection event.

Usage: Use this table to review recent detection events and prioritize response actions based on severity and traffic type.

Interpreting the Data

Traffic Insights: The Top Talkers, Top Conversations, and Top Protocols charts help identify the main sources and types of traffic within the network.

DNS Monitoring: The DNS Records and DNS Query Cardinality charts allow administrators to monitor DNS activity and detect any unusual patterns or high-frequency queries.

Security Alerts: The Events and Detections sections provide prioritized alerts and details on recent security events, aiding in rapid response to potential threats.

Additional Features

Metric Selection: Allows users to choose metrics such as bitrate to customize the view and focus on specific aspects of network activity.

Time Range: Users can adjust the time range to focus on specific periods for detailed analysis.

Interactive Elements: The SYNC HOVER feature provides synchronized insights across charts, allowing users to explore connections between different metrics in the dashboard.