Here are some answers to frequently asked questions about reports.
- When should I create an activity map?
- What kind of devices can I see in an activity map?
- Do applications appear in a map?
- Why don’t I see every device label in my map?
- Can I export my map?
- Can I view my map in 3D?
- What does the width of the line mean?
- Why are some circles larger than others?
- Why do some circles have an additional ring?
- How are devices grouped together on a map?
- Will map elements change color based on alert or troubleshooting status?
- Why does the map layout change while I'm viewing it?
With an activity map, you can view the connections between devices across your network in real-time or for a specific time interval. Instead of a static visualization of how your network is organized, an activity map provides a dynamic view of protocol activity on your network as it occurs. An activity map can help answer the following questions:
- Is a server that should be disconnected or decommissioned still sending or receiving traffic from other devices?
- Which services are interacting with my slow application server? Is one of these services sending an overwhelming volume of traffic that might be affecting application performance?
- Are databases or authentication servers making unauthorized connections with other devices?
Any device can appear in an activity map, except devices in Discovery Mode and devices without any protocol activity during the selected time interval. For more information about Discovery Mode, see Analysis levels.
For more information about what each icon represents, see Labels and icons in Activity maps concepts.
|Note:||Detections require a connection to the cloud-based ExtraHop Machine Learning Service.|
Click a circle with a detection marker to view and navigate to associated detections, as shown in the following figure. Risk scores are displayed on Reveal(x) only.
If detections markers are not displayed on your activity maps as expected, detections markers might be disabled. You can enable or disable detection markers from the User menu.
If alerts are assigned to a device in a map, that device can change color to highlight the most severe status of those alerts. Click Display alert status to view alert status colors.
For more information see Alert status in Activity Map concepts.