Network Overview
Preview
Overview
Purpose: The Network Overview dashboard offers a summary of network activity, providing insights into protocols, source regions, Autonomous Systems (ASNs), alert trends, and traffic characteristics. It assists network administrators in monitoring overall network health, identifying high-risk traffic sources, and spotting potential issues.
Components: The dashboard includes the following visualizations:
- Top Protocols
- Top EU Sources
- Top APAC Sources
- Source AS (ASN)
- Alert Severity
- Source IP Cardinality
- Bits
- Protocols from High-Risk Countries
- Tags
- Port Cardinality
Getting Here
- From the main menu, go to Dashboards > All.
- Select the System tab from the top navigation.
- Click on Network Overview.
Main Points
Usage Scenarios: This dashboard is designed for network administrators who need a comprehensive view of network usage, high-risk traffic, and alert trends. It helps in identifying frequently used protocols, sources of traffic, and any potential anomalies in the network.
Best Practices: Regularly review top protocols, source countries, and ASNs to detect unusual activity. Use the alert severity and cardinality metrics to detect traffic spikes or anomalies.
Charts
Top Protocols
Description: A pie chart showing the distribution of network traffic across the top 5 protocols.
Key Elements:
- Segments: Each segment represents a protocol (e.g., TCP, UDP, ICMP), with size indicating traffic volume.
Usage: Useful for identifying the most commonly used protocols within network traffic, which can provide insight into network behavior.
Top EU Sources
Description: A pie chart displaying the traffic sources from European Union (EU) countries.
Key Elements:
- Segments: Each segment represents an EU country, with size reflecting the traffic volume originating from that source.
Usage: Helps in understanding the geographic distribution of traffic from the EU, useful for monitoring regional traffic sources.
Top APAC Sources
Description: A pie chart showing traffic sources from the Asia-Pacific (APAC) region.
Key Elements:
- Segments: Each segment represents an APAC country, with size indicating the traffic volume.
Usage: Allows administrators to monitor traffic originating from APAC countries, aiding in regional network analysis.
Source AS (ASN)
Description: A pie chart displaying the top Autonomous Systems (ASNs) contributing to network traffic.
Key Elements:
- Segments: Each segment represents an ASN, with size indicating traffic volume.
- ASN Labels: Shows the top ASNs by traffic volume.
Usage: Useful for identifying which ASNs are generating or receiving the most traffic, aiding in monitoring external network sources.
Alert Severity
Description: A line chart displaying alert severity over time.
Key Elements:
- X-axis: Time.
- Y-axis: Alert severity level.
Usage: Monitor this chart to identify periods of increased alert activity and prioritize responses to high-severity alerts.
Source IP Cardinality
Description: A line chart showing the cardinality of source IPs over time.
Key Elements:
- X-axis: Time.
- Y-axis: Count of unique source IPs.
Usage: Helps track the number of unique source IPs, which can indicate network diversity or detect unusual increases in IP variety.
Bits
Description: A line chart tracking the network bitrate (in bits per second) over time.
Key Elements:
- X-axis: Time.
- Y-axis: Bitrate in Gbps.
Usage: Use this chart to observe fluctuations in traffic volume, which may indicate changes in network load or potential issues.
Protocols from High-Risk Countries
Description: A line chart tracking the flow rate of protocols originating from high-risk countries.
Key Elements:
- X-axis: Time.
- Y-axis: Flow rate in flows per second.
Usage: This chart helps in monitoring traffic from high-risk countries, aiding in proactive threat assessment.
Tags
Description: A line chart showing the flow rate of tagged traffic over time.
Key Elements:
- X-axis: Time.
- Y-axis: Flow rate in flows per second.
Usage: Useful for tracking traffic categorized with specific tags, which can help in identifying particular types of network activity.
Port Cardinality
Description: A line chart displaying the cardinality of destination ports over time.
Key Elements:
- X-axis: Time.
- Y-axis: Count of unique destination ports.
Usage: Helps in tracking the variety of ports in use, which may indicate potential security concerns if unexpected ports show activity.
Interpreting the Data
Alert Monitoring: The Alert Severity chart provides an overview of alert trends, allowing administrators to respond promptly to critical alerts.
High-Risk Traffic: The Protocols from High-Risk Countries chart identifies traffic from potentially dangerous regions, supporting proactive security measures.
Network Load: Use the Bits and Source IP Cardinality charts to monitor network load and IP diversity, helping to detect sudden increases in traffic or unusual patterns.
Additional Features
Metric Selection: Users can select specific metrics, such as bitrate, to customize the view for their analysis needs.
Time Range: Adjustable time ranges allow for focused monitoring of traffic patterns over specific periods.
Interactive Elements: The SYNC HOVER feature enables synchronized exploration across charts, providing a cohesive view of related metrics and patterns.
Updated about 1 month ago