Reports module is the place where you see what is happening on your network, which rules are hitting and more in real-time.
All reports have their charts set up. You'll be provided with the charts relevant to the report you're on.
Zenarmor (Sensei)'s rich reporting allows you both to see the overall network activity in a birds-eye view, and if you want to inspect in detail, you can select any chart item and drill-down to details. You can drill-down as many levels as you like.
In any time, you can click on the
Sessions Explorer to see per-connection details for the current reporting level.
For instance, if you selected
Drill-down for Streaming application category and then you drilled down to "192.168.1.1" IP address, all reports will be displaying information regarding the Streaming activity of 192.168.1.1 IP Address.
When you launch the
Sessions Explorer, the displayed records will have the same drill-down filter, so you'll only see the sessions belonging to 192.168.1.1 IP address doing Streaming.
On the top right hand-side, you can select customize the reporting criteria
You can select the metrics used to create the reports. Do you want to see how many sessions are created, or how many packets transmitted, or may be the number of bytes transferred? You can select which information you want to see here. They can be either one of them:
Sessions: number of connections / transactions
Packets: number of packets
Volume: number of bytes
You can define a time interval. Time interval can be:
- Last 5 minutes
- Last 1 hour
- Last 1 day
- Last 1 week
- Last 1 month
- Custom time
This is the auto-refresh interval for the reports to automatically refresh with new data.
You can drill-down to the data you see on the page by clicking on any of the charts displayed, and filter out the data. It will be automatically applied to all the charts.
Figure 1. Using the Drill Down
You can filter out the reports by clicking
+ Add Filter button on top of each report page.
Figure 2. Add Filter
- Select what to filter.
Figure 3. Filter Types
- Enter the keyword
Figure 4. Entering keyword to filter
If you're on
Connections tab, you can try
Addto apply your filter to the current report page.
Figure 5. Connections filtered out for Application Category = Media Streaming
Explorer module displays and lets you browse the relevant data about the report you're on. All reports have slightly different versions of the explorer. You'll notice how the explorer consolidates the data and changes functionality based on the report you're exploring.
To open up The
Explorer, click on the button upper right corner of the page.
Each report page has an explorer screen that renders detailed connection logs with a searchable, sortable fashion.
There is a dynamic text search area at the upper right corner of every explorer screen. It helps you to filter all the data in the grid as you type.
Figure 6. Blocked live sessions explorer
You'll find three buttons for each log item.
Infoicon: Provides connection details.
Figure 7. Connection Details Window
Actionicon: Helps you to block or allow that particular connection.
Figure 8. Blocking via Action button on reports
Queryicon: Renders a form to query whois data for that connection.
Figure 9. Whois Query
Figure 10. Whois Query Result
Due to the nature of the job, Zenarmor creates a vast amount of data and creates meaningful graphics based on them. Each Sub-Module has its own chart setup.
Use drill-down filter by right clicking on any of the charts displayed to filter out the data. It will be automatically applied to all the charts as is.
- App Categories Breakdown
- Apps Breakdown
- Top Local Hosts
- Top Remote Hosts
Figure 11. Connection Reports
- Egress New Connections by App Over Time
- Eggress New Connections by Source Over Time
- New Connections & Unique Remote Hosts
- Unique Local Hosts over Time
Figure 12. Eggress Reports
- Conns - Facts
- Egress New Connections Heatmap
- Top Destination Locations Heatmap
- Table of Local Assets
Figure 13. Connection Reports
- Table of Apps
- Table of Remote Hosts
- Top Remote Ports
- Top Locale Serving Ports
Figure 14. Connection Reports
- Alerts - Top Blocks
- Alerts - Blocked Local Hosts and Reasons
- Alerts - Blocked Conversations Heatmap
- Alerts - Blocked Local Hosts Over Time
Figure 15. Security Reports
- Web - Top Categories
- Web - HTTP Transactions by Source Over Time
- Web - Top Talkers Heatmap
- Web - Tag Cloud Top Request Methods
- Web - Tag Cloud Top HTTP Versions
Figure 16. Web Reports
- DNS Transactions Heatmap
- DNS Queries Distribution
- DNS Query Types Tag Cloud
- DNS Response Codes Tag Cloud
Figure 17. DNS Reports
- TLS - Top Talkers Heatmap
- TLS - Web Categories Breakdown
- TLS - Top TLS Session Creators Over Time
- TLS - Destination Ports Tag Cloud
- TLS - Top TLS Servers Over Time
Figure 18. TLS Reports