Service Visibility

The Visualize | Predefined | Service Visibility page enables users to better understand the traffic data ingested to the network (not security events). You may use this to optimize the network traffic and have better visibility from one network segment to another, such as private to private, private to public, public to private, and public to public.

The data in this display includes only raw traffic data that matches the current filter settings. See the Filters page for more information.

A sample screen is provided in the image below.

The tab bar at the top offers the following display options:

  • Private-to-Private Services—These connections occur fully within the private network.

  • Public-to-Private Services—When a connection starts from a public address to a private address it is placed in this category.

  • Private-to-Public Services—When a connection starts from a private address to a public address it is placed in this category.

  • Public-to-Public Services—This type of connection occurs between two public addresses.

When one of these options is clicked, the display is adjusted accordingly. The components of the display are described below.

Service Distribution

This section is at the top of the dashboard and shows a bar chart that lists the top applications being used and the number of connections that have occurred for each in the selected data.

Connection Chart

The Connection chart appears in the lower left corner of the dashboard and shows the top connections with their peers and colored by category. Use the following controls to work with this chart:

  • Top NN Menu: This menu restricts the list of connections to the top NN destinations and then, for those, the top NN sources.

  • Chart Visibility: Use the zoom controls to the right of the Top NN Menu to shrink or enlarge the chart. Use these controls, rather your web browser zoom controls to increase or decrease chart size. You can also drag the chart to a different location in the containing frame.

  • Legend: Illustrates the purpose of the chart colors. Click the white arrow to show or hide the legend. You can click in the body of the chart to filter on one of the legend types (Source, Destination, Bad Reputation)

  • Asset Details: Click the asset label to display more details on the specific asset. From within the displayed dialog, you can perform a set of standard actions using that asset. Click the symbol to display a menu and select your desired action.

  • Connection Selection: You can create a quick filter by clicking a chart segment. In the example below, there are more than 8000 connections occurring between the address pair of 8.8.8.8 and 10.33.2.31. Clicking this segment has added a filter to the overall page, as shown below.

Table

In the lower right corner of the dashboard a table is provided that provides access to each event in the data set that is currently selected. The data shown includes the time, basic information on the source and destination hosts, the application name and number of bytes transferred. For more information, click an entry's More Info button to bring up the Event Display for a specific record.

See the Tables page for more information on working with tables.