Perimeter Overview

The Perimeter Overview displays charts and interactive visualizations that help you monitor traffic that is entering and leaving your network through connections with external endpoints.

Internal Endpoints Accepting Inbound Connections

This count chart displays the number of internal endpoints that accepted inbound connections from external endpoints during the selected time interval. Click the chart to open a filtered view of these conversations.

Suspicious Inbound Connections

This count chart displays the number of connections that were initiated by suspicious external endpoints. ExtraHop identifies suspicious endpoints through threat intelligence data. Click the chart to open a filtered view of these conversations.

Suspicious Outbound Connections

This count chart displays the number of connections that internal endpoints initiated with suspicious external endpoints. ExtraHop identifies suspicious endpoints through threat intelligence data. Click the chart to open a filtered view of these conversations.

Total External Traffic

This chart shows the rate at which data is moving outbound and inbound over connections with external endpoints. Click the Inbound Traffic or Outbound Traffic data label to access menu options to create a new chart, search for related records, or drill down by conversation.

Halo visualization

The halo visualization provides two views of your network connections to external endpoints: Exfiltration and Command and Control. In both views, external endpoints are displayed in the outer ring with connections to internal endpoints, which are displayed as circles in the middle of the visualization. You can prioritize your investigation for connections marked with high-risk detections or for critical assets.

Click Exfiltration to view connections where a large amount of data (25 MB or more) was transferred out of your network to an external endpoint in a single transmission.

Click Command and Control to view connections to uncommon or unknown endpoints.

In both views, here are some ways that you can interact with the halo visualization:
  • Hover over endpoints or connections to view hostnames and IP addresses.
  • Click endpoints or connections to hold focus and display information and links for your selection in an information panel to the right.
  • Adjust the time interval to view connections at specified times, such as unexpected activity during evenings or weekends.
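
To cross-check the Exfiltration view and the inbound-connections count against your own flow logs, the same criteria can be applied offline. This is an added example, not ExtraHop code. It assumes that internal endpoints are the RFC 1918 ranges, that 25 MB means 25,000,000 bytes, that one flow record is one transmission, that business hours are 08:00 to 18:00 Monday through Friday, and that records use the constructed tuple layout shown.

```python
import ipaddress
from datetime import datetime

# Assumptions (not from the product): internal ranges, decimal megabytes.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EXFIL_BYTES = 25 * 1000 * 1000  # the page's "25 MB or more" cutoff

# Constructed sample flows: (start time, initiator IP, responder IP, bytes sent by initiator)
FLOWS = [
    ("2019-10-07 10:15", "10.0.4.21", "203.0.113.50", 1_200_000),
    ("2019-10-08 23:40", "10.0.4.21", "198.51.100.7", 31_000_000),
    ("2019-10-09 14:05", "10.0.9.3", "10.0.4.21", 90_000_000),
    ("2019-10-12 11:30", "192.168.1.15", "203.0.113.50", 25_000_000),
    ("2019-10-10 09:00", "198.51.100.7", "10.0.9.3", 40_000_000),
    ("2019-10-10 13:00", "10.0.9.3", "203.0.113.50", 60_000_000),
]

def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def off_hours(ts):
    """True for weekends and for weekday times outside 08:00-18:00."""
    t = datetime.strptime(ts, "%Y-%m-%d %H:%M")
    return t.weekday() >= 5 or t.hour < 8 or t.hour >= 18

def exfil_candidates(flows):
    """Internal-to-external flows at or above the cutoff, off-hours first, largest first."""
    hits = []
    for ts, src, dst, sent in flows:
        if is_internal(src) and not is_internal(dst) and sent >= EXFIL_BYTES:
            hits.append({"time": ts, "internal": src, "external": dst,
                         "bytes": sent, "off_hours": off_hours(ts)})
    return sorted(hits, key=lambda h: (not h["off_hours"], -h["bytes"]))

def inbound_acceptors(flows):
    """Internal endpoints that accepted a connection initiated by an external endpoint."""
    return {dst for _, src, dst, _ in flows
            if not is_internal(src) and is_internal(dst)}

if __name__ == "__main__":
    for hit in exfil_candidates(FLOWS):
        print(hit)
    print("internal endpoints accepting inbound:", len(inbound_acceptors(FLOWS)))
```

Internal-to-internal transfers and external-to-internal uploads are excluded even when they are large, because only the internal-to-external direction matches the exfiltration criterion described above.
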
Published 2019-10-11 14:53