Network Overview
The Network Overview displays a map of the detections on your network and a list of the top offenders by detection count. The Network Overview refreshes the detection map and top offender data every minute.
- Site Selector
- Click the site selector at the top of the page to view data for one or more sites in your environment. View combined traffic across your networks or focus on a single site to help you quickly find device data. The site selector indicates when all or some sites are offline. Because data is not available from offline sites, the charts and device pages associated with offline sites might not show data or might only show limited data. The site selector is available from a console.
- (NDR module only) Executive Report
- Click Generate Executive Report to create a PDF file. The Executive Report provides a summary of the top detections and risks to your network from the last week. The Executive Report only includes information for the selected sites.
- Detection category toggle
- You can toggle between views that show All Attack Detections or All Performance Detections, depending on enabled modules and your module access.
Top offenders
This list shows top offenders determined by the number of detections where the device or endpoint acted as an offender.
- Click a device or endpoint in the list to highlight associated detections in the detection map and view device properties and access links to endpoint lookup sites, detections, records, or packets.
- Depending on the selected detection category and your system module, click the View All Attack Detections or View All Performance Detections link to go to the Detections page, filtered by detection category and grouped by source.
- Select the Show detections with no victims checkbox to display detections that do not include a victim participant. For example SSL/TLS Scans and certain caution detections for suspicious activity only include an offender.
Detection map
The detection map displays the offender and victim for all detections selected in the detection category toggle.
Circles are highlighted in red if the device has appeared as an offender in at least one detection during the selected time interval and are highlighted in teal if the device is a victim.
The participants are connected by lines that are labeled with the detection type or number of detections associated with the connection, and device roles are represented by an icon.
- Click a circle to view device properties and access links to endpoint lookup sites, detections, records, or packets.
- Click a connection to view associated detections.
- Hover over a circle to see device labels and highlight device connections.
Learn more about Detections.
Thank you for your feedback. Can we contact you to ask follow up questions?