Create an activity map

An activity map is an interactive 2D or 3D display of real-time device connections based on protocol activity between devices. Activity maps help you visualize traffic flows and kick off troubleshooting based on an interesting data point in a map.

You can create an activity map for an active single device or a device group. After generating a basic map, you can then filter devices and connections in your map.

Note:You can create activity maps for devices in Advanced, Standard, and L2 Parent Analysis. You cannot create an activity map for devices in Discovery Mode. For more information, see Analysis priorities.

Create a basic activity map

A basic activity map shows you a single step, or level, of device connections between origin devices and peer devices on your network.

Note:You can only create activity maps for devices in Standard Analysis and Advanced Analysis.
  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. At the top of the page, click Assets.
  3. Complete one of the following steps based on the origin type of the activity map:
    Option Description
    For a device Click Devices in the left pane and then click an individual device name.
    For a device group Click Device Groups in the left pane and then click a device group name.
    For a device group by protocol activity Click Activity in the left pane and then click the group of clients, servers, or devices for the protocol you want.
  4. Click one of the following links to create the activity map:
    Option Description
    For a device Click Peer devices, located at the top of the page.
    For a device group Click Activity Map, located near the upper right corner of the page.
    Note:If the device or device group has no protocol activity during the specified time interval, the activity map appears without any data. Change the time interval or your origin selection and try again.
  5. From the activity map, filter connections by protocol activity by completing the following steps:
    1. Click the drop-down list in the Step 1 section of the left pane, as shown in the following figure.


    2. At the top of the drop-down list, search for and select a protocol activity and role. You can make more than one selection.
    3. Click anywhere outside of the drop-down list.
  6. (Optional): Change the primary origin device by completing the following steps:
    1. In the Start from section in the left pane, click the device or group name. A drop-down list appears.


    2. Search for and select another device or group to dynamically update the map origin for the map you are viewing.
  7. (Optional): Create an ad hoc group of sources to quickly investigate traffic originating from multiple devices in the same map. Click Add Source.


Add connections and filter devices in your map

To better understand the path of traffic from origin devices to downstream devices, you can add more steps to your map. You can also create filters to include or exclude devices from the map. The following figure shows you how to add steps and create filters.

Add another level of device connections

A step defines a level of connection between devices in a map. Devices in each step have a relationship to the devices in the previous step. These relationships are defined by their protocol activity. You can add up to 5 steps to see how traffic flows from one device to another.

  1. Click Add Step, as shown in the following figure. All Peers is selected by default.


  2. At the top of the drop-down list, search for and select a protocol activity and role. You can make more than one selection.


  3. Click anywhere outside of the drop-down list.

Include or exclude devices

You can filter devices within a step by their device group membership.

  1. Click Add Group Filter.


  2. Click a drop-down list to search for and select a device group.
  3. Click anywhere outside of the filter menu to apply your filters.
  4. To remove or change a filter, complete the following steps:
    1. Click the device group name.


    2. Change the filter by clicking the drop-down list and then selecting another device group.
    3. Remove the filter by clicking the x icon, as shown in the following figure.


    4. Click anywhere outside of the filter menu to apply your filter updates.
Last modified 2023-11-07