Network Overview

Overview

Purpose: The Network Overview dashboard offers a summary of network activity, providing insights into protocols, source regions, Autonomous Systems (ASNs), alert trends, and traffic characteristics. It assists network administrators in monitoring overall network health, identifying high-risk traffic sources, and spotting potential issues.

Components: The dashboard includes the following visualizations:

  • Top Protocols
  • Top EU Sources
  • Top APAC Sources
  • Source AS (ASN)
  • Alert Severity
  • Source IP Cardinality
  • Bits
  • Protocols from High-Risk Countries
  • Tags
  • Port Cardinality

Getting Here

  1. From the main menu, go to Dashboards > All.
  2. Select the System tab from the top navigation.
  3. Click on Network Overview.

Main Points

Usage Scenarios: This dashboard is designed for network administrators who need a comprehensive view of network usage, high-risk traffic, and alert trends. It helps in identifying frequently used protocols, sources of traffic, and any potential anomalies in the network.

Best Practices: Regularly review top protocols, source countries, and ASNs to detect unusual activity. Use the alert severity and cardinality metrics to detect traffic spikes or anomalies.

Charts

Top Protocols

Description: A pie chart showing the distribution of network traffic across the top 5 protocols.

Key Elements:

  • Segments: Each segment represents a protocol (e.g., TCP, UDP, ICMP), with size indicating traffic volume.

Usage: Useful for identifying the most commonly used protocols within network traffic, which can provide insight into network behavior.

Top EU Sources

Description: A pie chart displaying the traffic sources from European Union (EU) countries.

Key Elements:

  • Segments: Each segment represents an EU country, with size reflecting the traffic volume originating from that source.

Usage: Helps in understanding the geographic distribution of traffic from the EU, useful for monitoring regional traffic sources.

Top APAC Sources

Description: A pie chart showing traffic sources from the Asia-Pacific (APAC) region.

Key Elements:

  • Segments: Each segment represents an APAC country, with size indicating the traffic volume.

Usage: Allows administrators to monitor traffic originating from APAC countries, aiding in regional network analysis.

Source AS (ASN)

Description: A pie chart displaying the top Autonomous Systems (ASNs) contributing to network traffic.

Key Elements:

  • Segments: Each segment represents an ASN, with size indicating traffic volume.
  • ASN Labels: Shows the top ASNs by traffic volume.

Usage: Useful for identifying which ASNs are generating or receiving the most traffic, aiding in monitoring external network sources.

Alert Severity

Description: A line chart displaying alert severity over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Alert severity level.

Usage: Monitor this chart to identify periods of increased alert activity and prioritize responses to high-severity alerts.

Source IP Cardinality

Description: A line chart showing the cardinality of source IPs over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Count of unique source IPs.

Usage: Helps track the number of unique source IPs, which reflects the diversity of traffic sources and can reveal unusual increases in IP variety.

Bits

Description: A line chart tracking the network bitrate (in bits per second) over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Bitrate in Gbps.

Usage: Use this chart to observe fluctuations in traffic volume, which may indicate changes in network load or potential issues.

Protocols from High-Risk Countries

Description: A line chart tracking the flow rate of protocols originating from high-risk countries.

Key Elements:

  • X-axis: Time.
  • Y-axis: Flow rate in flows per second.

Usage: This chart helps in monitoring traffic from high-risk countries, aiding in proactive threat assessment.

Tags

Description: A line chart showing the flow rate of tagged traffic over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Flow rate in flows per second.

Usage: Useful for tracking traffic categorized with specific tags, which can help in identifying particular types of network activity.

Port Cardinality

Description: A line chart displaying the cardinality of destination ports over time.

Key Elements:

  • X-axis: Time.
  • Y-axis: Count of unique destination ports.

Usage: Helps in tracking the variety of ports in use, which may indicate potential security concerns if unexpected ports show activity.
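The following is an added example, not part of the product or its documentation. It shows how the series behind the Source IP Cardinality and Port Cardinality charts can be computed per time bucket from flow records and checked for spikes. The record fields (`ts`, `src_ip`, `dst_port`), the 60-second bucket and the 3x-median threshold are assumptions, and the flows are constructed sample data.

```python
from collections import defaultdict
from statistics import median

BUCKET_SECONDS = 60  # assumed chart resolution, not a product setting


def cardinality_series(flows, field, bucket=BUCKET_SECONDS):
    """Return [(bucket_start, unique_count)] for one flow field, sorted by time."""
    seen = defaultdict(set)
    for flow in flows:
        seen[flow["ts"] - flow["ts"] % bucket].add(flow[field])
    return [(start, len(values)) for start, values in sorted(seen.items())]


def spikes(series, factor=3.0, min_history=3):
    """Flag buckets whose count exceeds factor x the median of all earlier buckets."""
    flagged = []
    for i, (start, count) in enumerate(series):
        history = [c for _, c in series[:i]]
        if len(history) >= min_history and count > factor * median(history):
            flagged.append((start, count))
    return flagged


def build_sample_flows():
    """Constructed flows: four quiet minutes (5 sources, ports 53 and 443), then
    one minute in which a single source touches 40 distinct destination ports."""
    flows = []
    for minute in range(4):
        for host in range(5):
            for port in (53, 443):
                flows.append({"ts": minute * 60 + host,
                              "src_ip": f"192.0.2.{host + 1}",
                              "dst_port": port})
    for port in range(1000, 1040):
        flows.append({"ts": 240 + (port - 1000),
                      "src_ip": "198.51.100.7",
                      "dst_port": port})
    return flows


if __name__ == "__main__":
    flows = build_sample_flows()
    for field in ("src_ip", "dst_port"):
        series = cardinality_series(flows, field)
        print(field, series, "spikes:", spikes(series))
```

In the sample, destination-port cardinality jumps while source-IP cardinality drops, which is the shape of one host touching many ports; a rise in both series together points to many sources instead.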

Interpreting the Data

Alert Monitoring: The Alert Severity chart provides an overview of alert trends, allowing administrators to respond promptly to critical alerts.

High-Risk Traffic: The Protocols from High-Risk Countries chart identifies traffic from potentially dangerous regions, supporting proactive security measures.

Network Load: Use the Bits and Source IP Cardinality charts to monitor network load and IP diversity, helping to detect sudden increases in traffic or unusual patterns.

Additional Features

Metric Selection: Users can select specific metrics, such as bitrate, to customize the view for their analysis needs.

Time Range: Adjustable time ranges allow for focused monitoring of traffic patterns over specific periods.

Interactive Elements: The SYNC HOVER feature enables synchronized exploration across charts, providing a cohesive view of related metrics and patterns.