Monitor a device for external IP address connections

If you have an authentication server or database that should not connect to IP addresses outside of your internal network, you can create a value chart in a dashboard that tracks External Accepted and External Connected metrics. From your dashboard, you can then monitor the number of external connections for a specific device.

Tip:By default, any device with an RFC1918 IP address (included in a 10/8, 172.16/12, or 192.168/16 CIDR block) that the ExtraHop system automatically discovers is classified as an internal device. Because some network environments include non-RFC1918 IP addresses as part of their internal network, you can specify the locality of an IP address on the Network Localities page.

The following steps show you how to create a value chart for these TCP metrics and then add the chart to a dashboard.

  1. Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
  2. Click Assets at the top of the page.
  3. Click Devices in the left pane.
  4. Find a device and then click the device name.
  5. Click TCP in the left pane. In the Total Connections chart in the upper left corner, the External Accepted and External Connected metrics display how many IP addresses outside of your internal network are connected to the device.
  6. Click the Total Connections chart title.
  7. From the drop-down menu, select Create chart from…. The Metric Explorer opens with the device and TCP metrics already selected in the chart.
  8. At the bottom of the Metric Explorer, click the Value chart.
  9. In the left pane in the Metric section, click the x icon to delete each TCP metric that you do not want to view in the chart, as shown in the following figure.

    Your dashboard now contains metrics that help you track the ratio of all accepted connections to external accepted connections, and the ratio of all initiated connections to external initiated connections.
  10. (Optional): Make additional edits to the chart with the Metric Explorer.
  11. Click Add to Dashboard and complete one of the following options:
    • Select the name of an existing dashboard from the list. The dashboard list is ordered from the most recently created dashboards (at the bottom) to the oldest dashboards (at the top).
    • Select Create Dashboard. In the Dashboard Properties window, type a name for the new dashboard and then click Create.
  12. (Optional): Make additional edits to the dashboard layout.
  13. Click Exit Layout Mode. Your dashboard is complete.
Last modified 2024-04-02