Zenarmor Reports Overview for OPNsense
Reports module is the place where you see what is happening on your network, which rules are hitting and more in real-time.
All reports have their charts set up. You'll be provided with the charts relevant to the report you're on.
Start with the big picture, drill-down to details
Zenarmor (Sensei)'s rich reporting allows you both to see the overall network activity in a birds-eye view, and if you want to inspect in detail, you can select any chart item and drill-down to details. You can drill-down as many levels as you like.
At any time, you can click on the
Sessions Explorer to see per-connection details for the current reporting level.
For instance, if you selected
Drill-down for Streaming application category and then you drilled down to "192.168.1.1" IP address, all reports will be displaying information regarding the Streaming activity of 192.168.1.1 IP Address.
When you launch the
Sessions Explorer, the displayed records will have the same drill-down filter, so you'll only see the sessions belonging to 192.168.1.1 IP address doing Streaming.
On the top right-hand side, you can select customize the reporting criteria
You can select the metrics used to create the reports. Do you want to see how many sessions are created, or how many packets are transmitted, or may be the number of bytes transferred? You can select which information you want to see here. They can be either one of them:
Sessions: number of connections / transactions
Packets: number of packets
Volume: number of bytes
Reporting Time Interval
You can define a time interval. The time interval can be:
- Last 5 minutes
- Last 1 hour
- Last 1 day
- Last 1 week
- Last 1 month
- Custom time
This is the auto-refresh interval for the reports to automatically refresh with new data.
Using the Drill-Down Filter
You can drill-down to the data you see on the page by clicking on any of the charts displayed, and filtering out the data. It will be automatically applied to all the charts.
Figure 1. Using the Drill Down
How to Use Generic Filter
You can filter out the reports by clicking
+ Add Filter button on top of each report page.
Figure 2. Add Filter
- Select what to filter.
Figure 3. Filter Types
- Enter the keyword
Figure 4. Entering keyword to filter
If you're on
Connections tab, you can try
Addto apply your filter to the current report page.
Figure 5. Connections filtered out for Application Category = Media Streaming
The Explorer and How to Use It
Explorer module displays and lets you browse the relevant data about the report you're on. All reports have slightly different versions of the explorer. You'll notice how the explorer consolidates the data and changes functionality based on the report you're exploring.
To open up The
Explorer, click on the button upper right corner of the page.
Each report page has an explorer screen that renders detailed connection logs in a searchable, sortable fashion.
There is a dynamic text search area at the upper right corner of every explorer screen. It helps you to filter all the data in the grid as you type.
Figure 6. Blocked live sessions explorer
How to Take Actions
You'll find three buttons for each log item.
Infoicon: Provides connection details.
Figure 7. Connection Details Window
Actionicon: Helps you to block or allow that particular connection.
Figure 8. Blocking via Action button on reports
Queryicon: Renders a form to query whois data for that connection.
Figure 9. Whois Query
Figure 10. Whois Query Result
Due to the nature of the job, Zenarmor creates a vast amount of data and creates meaningful graphics based on them. Each Sub-Module has its own chart setup.
Use a drill down filter by right-clicking on any of the charts displayed to filter out the data. It will be automatically applied to all the charts as is.
Connection Report Charts
- App Categories Breakdown
- Apps Breakdown
- Top Local Hosts
- Top Remote Hosts
Figure 11. Connection Reports
- Egress New Connections by App Over Time
- Eggress New Connections by Source Over Time
- New Connections & Unique Remote Hosts
- Unique Local Hosts over Time
Figure 12. Eggress Reports
- Conns - Facts
- Egress New Connections Heatmap
- Top Destination Locations Heatmap
- Table of Local Assets
Figure 13. Connection Reports
- Table of Apps
- Table of Remote Hosts
- Top Remote Ports
- Top Locale Serving Ports
Figure 14. Connection Reports
Security Report Charts
- Alerts - Top Blocks
- Alerts - Blocked Local Hosts and Reasons
- Alerts - Blocked Conversations Heatmap
- Alerts - Blocked Local Hosts Over Time
Figure 15. Security Reports
Web Report Charts
- Web - Top Categories
- Web - HTTP Transactions by Source Over Time
- Web - Top Talkers Heatmap
- Web - Tag Cloud Top Request Methods
- Web - Tag Cloud Top HTTP Versions
Figure 16. Web Reports
DNS Report Charts
- DNS Transactions Heatmap
- DNS Queries Distribution
- DNS Query Types Tag Cloud
- DNS Response Codes Tag Cloud
Figure 17. DNS Reports
TLS Report Charts
- TLS - Top Talkers Heatmap
- TLS - Web Categories Breakdown
- TLS - Top TLS Session Creators Over Time
- TLS - Destination Ports Tag Cloud
- TLS - Top TLS Servers Over Time
Figure 18. TLS Reports