The Perimeter Overview displays charts and interactive visualizations that help you monitor traffic that is entering and leaving your network through connections with external endpoints.
- Site Selector
- Click the site selector at the top of the page to view data for one or more sites in your environment. View combined traffic across your networks or focus on a single site to help you quickly find device data. The site selector indicates when all or some sites are offline. Because data is not available from offline sites, the charts and device pages associated with offline sites might not show data or might only show limited data. The site selector is only available from Command appliances and Reveal(x) 360.
- Executive Report
- Click Generate Executive Report to create a PDF file. The Executive Report provides a summary of the top detections and risks to your network from the last week. The Executive Report only includes information for the selected sites.
- Internal Endpoints Accepting Inbound Connections
This count chart displays the number of internal endpoints that accepted inbound connections from external endpoints during the selected time interval. Click the chart to open a filtered view of these conversations.
- Suspicious Inbound Connections
- This count chart displays the number of connections that were initiated by suspicious external endpoints. ExtraHop identifies suspicious endpoints through threat intelligence data. Click the chart to open a filtered view of these conversations.
- Suspicious Outbound Connections
- This count chart displays the number of connections that internal endpoints initiated with suspicious external endpoints. ExtraHop identifies suspicious endpoints through threat intelligence data. Click the chart to open a filtered view of these conversations.
- Total External Traffic
- This chart shows the rate that data is moving outbound and inbound from connections with external endpoints. Click the Inbound Traffic or Outbound Traffic data label to access menu options to create a new chart, search for related records, or drill down by conversation.
The halo visualization provides four views of your network connections to external endpoints: Large Uploads, Uncommon Destinations, Cloud Services, and Countries.
External endpoints are displayed in the outer ring with connections to internal endpoints, which are displayed as circles in the middle of the visualization. These visualizations enable you to prioritize your investigation for connections marked with high-risk detections or for high-value devices.
To help identify high-traffic endpoints, inner circles and outer rings increase in size as traffic volume increases. In some cases, the size of inner circles and outer ring segments might be increased for readability. Click an endpoint to display precise traffic information.
Click Large Data Upload to view connections where a large amount of data (25 MB or more) was transferred out of your network to an external endpoint in a single transmission.
Click Uncommon Destinations to view connections to uncommon or unknown endpoints.
Click Cloud Service Traffic to view connections to cloud service providers. You can toggle between views that show Bytes Out to providers and Bytes In to your network.
Click Countries to view connections broken down by the geographic location of the external endpoint. You can toggle between views that show Bytes Out to countries and Bytes In to your network.
- Hover over endpoints or connections to view hostnames and IP addresses.
- Click endpoints or connections to hold focus and display information and links for your selection in an information panel to the right.
- Adjust the time interval to view connections at specified times, such as unexpected activity during evenings or weekends.