Security Overview

Overview

Purpose: The Security Overview dashboard provides a comprehensive view of security events, top threat-related activities, and internal and external traffic flows. It is designed to help administrators identify and analyze security events, monitor top sources and destinations of traffic, and understand the relationships between internal and external services.

Components: The dashboard includes the following visualizations:

  • Top Events
  • Top Services in Cloud Environments
  • Top Threat-Related IP Destinations
  • Top Events by SrcIP Count
  • Top Events by DstIP Count
  • Top External Talkers to Internal Services
  • Top Internal Services by Traffic from External Sources
  • Top Internal to Internal Talkers by Flow Rate
  • Top Internal to Internal Cloud-to-Cloud Talkers by Flow Rate
  • Traffic to ITAR Countries by Flow Data Volume
  • Top External Destinations by Flow Data Volume

Getting Here

  1. From the main menu, go to Dashboards > All.
  2. Select the System tab from the top navigation.
  3. Click on Security Overview.

Main Points

Usage Scenarios: This dashboard is valuable for security teams and network administrators who need to monitor high-priority security events, understand traffic patterns between internal and external entities, and identify potential threats based on IP destinations and traffic flow.

Best Practices: Regularly monitor top events and threat-related IP destinations to detect potential security risks. Use the internal and external talker data to understand the flow patterns, which may reveal unexpected traffic or potential anomalies.

Charts

Top Events

Description: A table listing the most recent security events with details, including timestamp, traffic type, severity, summary, categories, flow sources, and alert type.

Key Elements:

  • Columns: Details of each event, such as severity and traffic type.
  • Scroll: Enables review of recent high-severity events for response prioritization.

Usage: Use this table to track recent security incidents, with the ability to prioritize responses based on severity and traffic type.

Top Services in Cloud Environments

Description: A pie chart displaying the distribution of top services within cloud environments.

Key Elements:

  • Segments: Each segment represents a cloud service with traffic volume.

Usage: Identifies which cloud services are most active, which is useful for monitoring cloud-based activity and potential risks.

Top Threat-Related IP Destinations

Description: A pie chart showing the top IP destinations associated with threats.

Key Elements:

  • Segments: Each segment represents an IP destination flagged as threat-related.

Usage: Helps in identifying and investigating IP destinations that may pose a risk to the network.

Top Events by SrcIP Count

Description: A table that shows the top events based on the count of source IPs.

Key Elements:

  • Columns: Event details by source IP count, including severity and flow names.

Usage: Useful for identifying events involving multiple source IPs, which may indicate coordinated or widespread activity.

Top Events by DstIP Count

Description: A table showing the top events based on the count of destination IPs.

Key Elements:

  • Columns: Event details by destination IP count, including severity and flow names.

Usage: Useful for tracking events impacting multiple destination IPs, aiding in threat assessment.

Top External Talkers to Internal Services

Description: A heat map showing top external sources communicating with internal services by traffic volume.

Key Elements:

  • X-axis: External sources.
  • Y-axis: Internal services.

Usage: Helps in identifying significant external sources, which may be useful for monitoring access to internal resources.

Top Internal Services by Traffic from External Sources

Description: A bar chart showing internal services receiving the most traffic from external sources.

Key Elements:

  • Bars: Each bar represents an internal service with traffic volume from external sources.

Usage: Useful for monitoring internal services exposed to external traffic, highlighting potential vulnerabilities.

Top Internal to Internal Talkers by Flow Rate

Description: A Sankey chart visualizing the flow rate of traffic between internal entities.

Key Elements:

  • Nodes: Represent internal sources and destinations.
  • Flow Width: Indicates traffic volume.

Usage: Helps in understanding internal traffic patterns, which can assist in identifying anomalies or high-demand services.

Top Internal to Internal Cloud-to-Cloud Talkers by Flow Rate

Description: A Sankey chart showing flow rates between cloud-based internal entities.

Key Elements:

  • Nodes: Cloud-to-cloud sources and destinations.
  • Flow Width: Represents traffic volume between cloud services.

Usage: Useful for monitoring cloud-to-cloud traffic, which may reveal important intra-cloud communications.

Traffic to ITAR Countries by Flow Data Volume

Description: A Sankey chart representing data flows to countries restricted by ITAR (International Traffic in Arms Regulations).

Key Elements:

  • Nodes: Countries involved in data flows.
  • Flow Width: Indicates volume of data flows.

Usage: Helps in monitoring compliance with ITAR regulations by tracking data flows to restricted countries.

Top External Destinations by Flow Data Volume

Description: A Sankey chart displaying data volume to top external destinations.

Key Elements:

  • Nodes: External destinations.
  • Flow Width: Represents the volume of data flows.

Usage: Useful for identifying the top external data recipients, which helps in understanding how outbound traffic is distributed.

Interpreting the Data

Security Events: The Top Events table and Top Threat-Related IP Destinations chart allow administrators to focus on significant security incidents and prioritize responses.

Traffic Insights: The Top External Talkers to Internal Services and Top Internal Services by Traffic from External Sources visualizations provide insights into network flow, which is helpful for detecting unusual or potentially malicious traffic patterns.

Regulatory Compliance: The Traffic to ITAR Countries by Flow Data Volume chart supports monitoring of ITAR compliance by tracking traffic to restricted regions.
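
The aggregations behind the Top Events by SrcIP Count, Top Events by DstIP Count, Top External Talkers to Internal Services and Top External Destinations by Flow Data Volume charts can be reproduced on a handful of records. The script below is an added example, not part of this documentation or the product's own code; the event and flow record layouts, the sample addresses and the RFC 1918 ranges used to decide what counts as internal are all assumptions made for the example. It shows why an event that spans many distinct source addresses (the text's "coordinated or widespread activity") ranks differently from one that spans many destinations, and how the heat map's cell value is just bytes summed per external source and internal service.

```python
"""Added example: reproduces four of the Security Overview aggregations over
constructed records. Record layouts and address ranges are assumptions."""
import ipaddress
from collections import defaultdict

# Assumed internal ranges (RFC 1918); a real deployment would use its own
# address plan as configured in the product.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed security events: (event_name, severity, src_ip, dst_ip)
EVENTS = [
    ("SSH brute force", "high", "203.0.113.10", "10.1.1.5"),
    ("SSH brute force", "high", "203.0.113.11", "10.1.1.5"),
    ("SSH brute force", "high", "203.0.113.12", "10.1.1.5"),
    ("Port scan", "medium", "198.51.100.7", "10.1.1.5"),
    ("Port scan", "medium", "198.51.100.7", "10.1.1.6"),
    ("Port scan", "medium", "198.51.100.7", "10.1.1.7"),
    ("DNS tunnelling", "high", "10.2.0.9", "192.0.2.53"),
]

# Constructed flow records: (src_ip, dst_ip, dst_port, protocol, bytes)
FLOWS = [
    ("203.0.113.10", "10.1.1.5", 22, "tcp", 12_000),
    ("203.0.113.11", "10.1.1.5", 22, "tcp", 9_000),
    ("198.51.100.7", "10.1.1.20", 443, "tcp", 250_000),
    ("198.51.100.7", "10.1.1.5", 22, "tcp", 1_500),
    ("10.2.0.9", "10.1.1.20", 443, "tcp", 40_000),    # internal to internal
    ("10.2.0.9", "192.0.2.53", 53, "udp", 300_000),   # internal to external
]


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def top_events_by_distinct(events, field, limit=5):
    """Rank event names by the number of distinct addresses in `field`
    ('src' or 'dst'). Ties are broken by name so the order is stable."""
    seen = defaultdict(set)
    severity = {}
    for name, sev, src, dst in events:
        seen[name].add(src if field == "src" else dst)
        severity[name] = sev
    ranked = sorted(seen.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(name, severity[name], len(ips)) for name, ips in ranked[:limit]]


def external_to_internal_talkers(flows, limit=5):
    """Bytes per (external source, internal service); a service is the
    destination address, port and protocol. This is the heat map cell value."""
    totals = defaultdict(int)
    for src, dst, port, proto, nbytes in flows:
        if not is_internal(src) and is_internal(dst):
            totals[(src, f"{dst}:{port}/{proto}")] += nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def external_destinations_by_volume(flows, limit=5):
    """Bytes from internal sources to each external destination, the
    quantity behind the external-destinations Sankey chart."""
    totals = defaultdict(int)
    for src, dst, _port, _proto, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[dst] += nbytes
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


if __name__ == "__main__":
    print("By SrcIP count:", top_events_by_distinct(EVENTS, "src"))
    print("By DstIP count:", top_events_by_distinct(EVENTS, "dst"))
    print("External -> internal:", external_to_internal_talkers(FLOWS))
    print("External destinations:", external_destinations_by_volume(FLOWS))
```

Note that the same port scan ranks first by destination count but last by source count, while the brute-force event does the opposite; reading the two tables side by side is what separates one scanner touching many hosts from many sources converging on one host. The internal-to-internal flow is excluded from both external views, matching the dashboard's split between the external talker charts and the internal-to-internal Sankey charts.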

Additional Features

Metric Selection: Users can choose specific metrics, such as bitrate, to customize the view for their analysis needs.

Time Range: Adjustable time ranges allow for focused monitoring of recent or historical data.

Interactive Elements: The SYNC HOVER feature enables synchronized exploration across charts, enhancing the analysis of related metrics and traffic flows.