About the Context Explorer
The Firepower System Context Explorer displays detailed, interactive graphical information in context about the status of your monitored network, including data on applications, application statistics, connections, geolocation, indications of compromise, intrusion events, hosts, servers, Security Intelligence, users, files (including malware files), and relevant URLs. Distinct sections present this data in the form of vivid line, bar, pie, and donut graphs, accompanied by detailed lists. The first section, a line chart of traffic and event counts over time, provides an at-a-glance picture of recent trends in your network’s activity.
You can easily create and apply custom filters to fine-tune your analysis, and you can examine data sections in more detail by simply clicking or hovering your cursor over graph areas. You can also configure the explorer’s time range to reflect a period as short as the last hour or as long as the last year. Only users with the Administrator, Security Analyst, or Security Analyst (Read Only) user roles have access to the Context Explorer.
The Firepower System dashboard is highly customizable and compartmentalized and updates in real time. In contrast, the Context Explorer is manually updated, designed to provide broader context for its data, and has a single, consistent layout designed for active user exploration.
You use the dashboard to monitor real-time activity on your network and appliances according to your own specific needs. Conversely, you use the Context Explorer to investigate a predefined set of recent data in granular detail and clear context: for example, if you notice that only 15% of hosts on your network use Linux, but account for almost all YouTube traffic, you can quickly apply filters to view data only for Linux hosts, only for YouTube-associated application data, or both. Unlike the compact, narrowly focused dashboard widgets, the Context Explorer sections are designed to provide striking visual representations of system activity in a format useful to both expert and casual users of the Firepower System.
The data displayed depends on such factors as how you license and deploy your managed devices, and whether you configure features that provide the data. You can also apply filters to constrain the data that appears in all Context Explorer sections.
In a multidomain deployment, the Context Explorer displays aggregated data from all subdomains when you view it in an ancestor domain. In a leaf domain, you can view data specific to that domain only.
Differences Between the Dashboard and the Context Explorer
The following table summarizes some of the key differences between the dashboard and the Context Explorer.
Feature |
Dashboard |
Context Explorer |
---|---|---|
Displayable data |
Anything monitored by the Firepower System |
Applications, application statistics, geolocation, host indications of compromise, intrusion events, files (including malware files), hosts, Security Intelligence events, servers, users, and URLs |
Customizability |
|
|
Data update frequency |
Automatic (default); user-configured |
Manual |
Data filtering |
Possible for some widgets (must edit widget preferences) |
Possible for all parts of the explorer, with support for multiple filters |
Graphical context |
Some widgets (particularly Custom Analysis) can display data in graph form |
Extensive graphical context for all data, including uniquely detailed donut graphs |
Links to relevant web interface pages |
In some widgets |
In every section |
Time range of displayed data |
User-configured |
User-configured |
The Traffic and Intrusion Event Counts Time Graph
At the top of the Context Explorer is a line chart of traffic and intrusion events over time. The X-axis plots time intervals (which range from five minutes to one month, depending on the selected time window). The Y-axis plots traffic in kilobytes (blue line) and intrusion event count (red line).
Note that the smallest X-axis interval is five minutes. To accommodate this, the system will round the beginning and ending points in your selected time range down to the nearest five-minute interval.
By default, this section shows all network traffic and all
generated intrusion events for the selected time range. If you apply filters,
the chart changes to display only traffic and intrusion events associated with
the criteria specified in the filters. For example, filtering on the
OS Name of
Windows
causes the
time graph to display only traffic and events associated with hosts using
Windows operating systems.
If you filter the Context Explorer on intrusion event data (such
as a
Priority of
High
), the blue
Traffic line is hidden to allow greater focus on intrusion events alone.
You can hover your pointer over any point on the graph lines to view exact information about traffic and event counts. Hovering your pointer over one of the colored lines also brings that line to the forefront of the graph, providing clearer context.
This section draws data primarily from the Intrusion Events and Connection Events tables.
The Indications of Compromise Section
The Indications of Compromise (IOC) section of the Context Explorer contains two interactive sections that provide an overall picture of potentially compromised hosts on your monitored network: a proportional view of the most prevalent IOC types triggered, as well as a view of hosts by number of triggered indications.
For more information about IOCs, see Indications of Compromise Data.
The Hosts by Indication Graph
The Hosts by Indication graph, in donut form, displays a
proportional view of the Indications of Compromise (IOC) triggered by hosts on
your monitored network. The inner ring divides by IOC category (such as
CnC Connected
or
Malware Detected
),
while the outer ring further divides that data by specific event type (such as
Impact 2 Intrusion Event —
attempted-admin
or
Threat Detected in File
Transfer
).
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Hosts and Host Indications of Compromise tables.
The Indications by Host Graph
The Indications by Host graph, in bar form, displays counts of unique Indications of Compromise (IOC) triggered by the 15 most IOC-active hosts on your monitored network.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Hosts and Host Indications of Compromise tables.
The Network Information Section
The Network Information section of the Context Explorer contains six interactive graphs that display an overall picture of connection traffic on your monitored network: sources, destinations, users, and security zones associated with traffic, a breakdown of operating systems used by hosts on the network, as well as a proportional view of access control actions your Firepower System has performed on network traffic.
The Operating Systems Graph
The Operating Systems graph, in donut form, displays a
proportional representation of operating systems detected on hosts on your
monitored network. The inner ring divides by OS name (such as
Windows
or
Linux
), while the
outer ring further divides that data by specific operating system version (such
as
Windows Server 2008
or
Linux 11.x
). Some
closely related operating systems (such as Windows 2000, Windows XP, and
Windows Server 2003) are grouped together. Very scarce or unrecognized
operating systems are grouped under
Other.
Note that this graph reflects all available data regardless of date and time constraints. If you change the explorer time range, the graph does not change.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Hosts table.
The Traffic by Source IP Graph
The Traffic by Source IP graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top 15 most active source IP addresses on your monitored network. For each source IP address listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by Source IP graph is hidden. |
This graph draws data primarily from the Connection Events table.
The Traffic by Source User Graph
The Traffic by Source User graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top 15 most active source users on your monitored network. For each source IP address listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by Source User graph is hidden. |
This graph draws data primarily from the Connection Events table. It displays authoritative user data.
The Connections by Access Control Action Graph
The Connections by Access Control Action graph, in pie form,
displays a proportional view of access control actions (such as
Block
or
Allow
) that your
Firepower System deployment has taken on monitored traffic.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by Source User graph is hidden. |
This graph draws data primarily from the Connection Events table.
The Traffic by Destination IP Graph
The Traffic by Destination IP graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top 15 most active destination IP addresses on your monitored network. For each destination IP address listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by Destination IP graph is hidden. |
This graph draws data primarily from the Connection Events table.
The Traffic by Ingress/Egress Security Zone Graph
The Traffic by Ingress/Egress Security Zone graph, in bar form, displays counts of incoming or outgoing network traffic (in kilobytes per second) and unique connections for each security zone configured on your monitored network. You can configure this graph to display either ingress (the default) or egress security zone information, according to your needs.
For each security zone listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information
Tip |
To constrain the graph so it displays only traffic by egress security zone, hover your pointer over the graph, then click Egress on the toggle button that appears. Click Ingress to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Ingress view. |
Note |
If you filter on intrusion event information, the Traffic by Ingress/Egress Security Zone graph is hidden. |
This graph draws data primarily from the Connection Events table.
The Application Information Section
The Application Information section of the Context Explorer contains three interactive graphs and one table-format list that display an overall picture of application activity on your monitored network: traffic, intrusion events, and hosts associated with applications, further organized by the estimated risk or business relevance assigned to each application. The Application Details list provides an interactive list of each application and its risk, business relevance, category, and host count.
For all instances of “application” in this section, the Application Information graph set, by default, specifically examines application protocols (such as DNS or SSH). You can also configure the Application Information section to specifically examine client applications (such as PuTTY or Firefox) or web applications (such as Facebook or Pandora).
Focusing the Application Information Section
In a multidomain deployment, you can view data for the current domain and for any descendant domains. You cannot view data from higher level or sibling domains.
Procedure
Step 1 |
Choose . |
||
Step 2 |
Hover your pointer over the Application Protocol Information section.
|
||
Step 3 |
Click Application Protocol, Client Application, or Web Application. |
The Traffic by Risk/Business Relevance and Application Graph
The Traffic by Risk/Business Relevance and Application graph, in
donut form, displays a proportional representation of application traffic
detected on your monitored network, arranged by the applications’ estimated
risk (the default) or estimated business relevance. The inner ring divides by
estimated risk/business relevance level (such as
Medium
or
High
), while the
outer ring further divides that data by specific application (such as
SSH
or
NetBIOS
). Scarcely
detected applications are grouped under
Other.
Note that this graph reflects all available data regardless of date and time constraints. If you change the explorer time range, the graph does not change.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays traffic by business relevance and application, hover your pointer over the graph, then click Business Relevance on the toggle button that appears. Click Risk to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Risk view. |
Note |
If you filter on intrusion event information, the Traffic by Risk/Business and Application graph is hidden. |
This graph draws data primarily from the Connection Events and Application Statistics tables.
The Intrusion Events by Risk/Business Relevance and Application Graph
The Intrusion Events by Risk/Business Relevance and Application
graph, in donut form, displays a proportional representation of intrusion
events detected on your monitored network and the applications associated with
those events, arranged by the applications’ estimated risk (the default) or
estimated business relevance. The inner ring divides by estimated risk/business
relevance level (such as
Medium
or
High
), while the
outer ring further divides that data by specific application (such as
SSH
or
NetBIOS
). Scarcely
detected applications are grouped under
Other.
Hover your pointer over any part of the donut graph to view more detailed information. Click any part of the graph to filter or drill down on that information, or (where applicable) to view application information.
Tip |
To constrain the graph so it displays intrusion events by business relevance and application, hover your pointer over the graph, then click Business Relevance on the toggle button that appears. Click Risk to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Risk view. |
This graph draws data primarily from the Intrusion Events and Application Statistics tables.
The Hosts by Risk/Business Relevance and Application Graph
The Hosts by Risk/Business Relevance and Application graph, in
donut form, displays a proportional representation of hosts detected on your
monitored network and the applications associated with those hosts, arranged by
the applications’ estimated risk (the default) or estimated business relevance.
The inner ring divides by estimated risk/business relevance level (such as
Medium
or
High
), while the
outer ring further divides that data by specific application (such as
SSH
or
NetBIOS
). Very
scarce applications are grouped under
Other.
Hover your pointer over any part of the donut graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays hosts by business relevance and application, hover your pointer over the graph, then click Business Relevance on the toggle button that appears. Click Risk to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Risk view. |
This graph draws data primarily from the Applications table.
The Application Details List
At the bottom of the Application Information section is the Application Details List, a table that provides estimated risk, estimated business relevance, category, and hosts count information for each application detected on your monitored network. The applications are listed in descending order of associated host count.
The Application Details List table is not sortable, but you can click on any table entry to filter or drill down on that information, or (where applicable) to view application information. This table draws data primarily from the Applications table.
Note that this list reflects all available data regardless of date and time constraints. If you change the explorer time range, the list does not change.
The Security Intelligence Section
The Security Intelligence section of the Context Explorer contains three interactive bar graphs that display an overall picture of traffic on your monitored network that is blocked or monitored by Security Intelligence. The graphs sort such traffic by category, source IP address, and destination IP address, respectively; both the amount of traffic (in kilobytes per second) and the number of applicable connections appear.
The Security Intelligence Traffic by Category Graph
The Security Intelligence Traffic by Category graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top Security Intelligence categories of traffic on your monitored network. For each category listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Security Intelligence Traffic by Category graph is hidden. |
This graph draws data primarily from the Security Intelligence Events table.
The Security Intelligence Traffic by Source IP Graph
The Security Intelligence Traffic by Source IP graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top source IP addresses of Security Intelligence-monitored traffic on your monitored network. For each category listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Security Intelligence Traffic by Source IP graph is hidden. |
This graph draws data primarily from the Security Intelligence Events table.
The Security Intelligence Traffic by Destination IP Graph
The Security Intelligence Traffic by Destination IP graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top destination IP addresses of Security Intelligence-monitored traffic on your monitored network. For each category listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Security Intelligence Traffic by Destination IP graph is hidden. |
This graph draws data primarily from the Security Intelligence Events table.
The Intrusion Information Section
The Intrusion Information section of the Context Explorer contains six interactive graphs and one table-format list that display an overall picture of intrusion events on your monitored network: impact levels, attack sources, target destinations, users, priority levels, and security zones associated with intrusion events, as well as a detailed list of intrusion event classifications, priorities, and counts.
The Intrusion Events by Impact Graph
The Intrusion Events by Impact graph, in pie form, displays a proportional view of intrusion events on your monitored network, grouped by estimated impact level (from 0 to 4).
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the intrusion detection (IDS Statistics) and Intrusion Events tables.
The Top Attackers Graph
The Top Attackers graph, in bar form, displays counts of intrusion events for the top attacking host IP addresses (causing those events) on your monitored network.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Intrusion Events table.
The Top Users Graph
The Top Users graph, in bar form, displays users on your monitored network that are associated with the highest intrusion event counts, by event count.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the intrusion detection (IDS) User Statistics and Intrusion Events tables. It displays authoritative user data.
The Intrusion Events by Priority Graph
The Intrusion Events by Priority graph, in pie form, displays a
proportional view of intrusion events on your monitored network, grouped by
estimated priority level (such as
High
,
Medium
, or
Low
).
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Intrusion Events table.
The Top Targets Graph
The Top Targets graph, in bar form, displays counts of intrusion events for the top target host IP addresses (targeted in the connections causing those events) on your monitored network.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
This graph draws data primarily from the Intrusion Events table.
The Top Ingress/Egress Security Zones Graph
The Top Ingress/Egress Security Zones graph, in bar form, displays counts of intrusion events associated with each security zone (ingress or egress, depending on graph settings) configured on your monitored network.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only traffic by egress security zone, hover your pointer over the graph, then click Egress on the toggle button that appears. Click Ingress to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Ingress view. |
This graph draws data primarily from the Intrusion Events table.
You can configure this graph to display either ingress (the default) or egress security zone information, according to your needs.
The Intrusion Event Details List
At the bottom of the Intrusion Information section is the Intrusion Event Details List, a table that provides classification, estimated priority, and event count information for each intrusion event detected on your monitored network. The events are listed in descending order of event count.
The Intrusion Event Details List table is not sortable, but you can click on any table entry to filter or drill down on that information. This table draws data primarily from the Intrusion Events table.
The Files Information Section
The Files Information section of the Context Explorer contains six interactive graphs that display an overall picture of file and malware events on your monitored network.
Five of the graphs display data related to AMP for Networks (formerly called AMP for Firepower): the file types, file names, and malware dispositions of the files detected in network traffic, as well as the hosts sending (uploading) and receiving (downloading) those files. The final graph displays all malware threats detected in your organization, whether by AMP for Networks or AMP for Endpoints.
Note |
If you filter on intrusion information, the entire Files Information Section is hidden. |
The Top File Types Graph
The Top File Types graph, in donut form, displays a proportional view of the file types detected in network traffic (outer ring), grouped by file category (inner ring).
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events table.
The Top File Names Graph
The Top File Names graph, in bar form, displays counts of the top unique file names detected in network traffic.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events table.
The Files by Disposition Graph
The Top File Types graph, in pie form, displays a proportional view of the malware dispositions for files detected by the
AMP for Networks feature (formerly called AMP for Firepower). Note that only files for which the Firepower Management Center performed a malware cloud lookup have dispositions. Files that did not trigger a cloud lookup have a disposition of N/A
. The disposition Unavailable
indicates that the Firepower Management Center could not perform a malware cloud lookup.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events table.
The Top Hosts Sending Files Graph
The Top Hosts Sending Files graph, in bar form, displays counts of the number of files detected in network traffic for the top file-sending host IP addresses.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only hosts sending malware, hover your pointer over the graph, then click Malware on the toggle button that appears. Click Files to return to the default files view. Note that navigating away from the Context Explorer also returns the graph to the default files view. |
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events table.
The Top Hosts Receiving Files Graph
The Top Hosts Receiving Files graph, in bar form, displays counts of the number of files detected in network traffic for the top file-receiving host IP addresses.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only hosts receiving malware, hover your pointer over the graph, then click Malware on the toggle button that appears. Click Files to return to the default files view. Note that navigating away from the Context Explorer also returns the graph to the default files view. |
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events table.
The Top Malware Detections Graph
The Top Malware Detections graph, in bar form, displays counts of the top malware threats detected in your organization, whether by AMP for Networks or AMP for Endpoints.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Note that you must have a Malware license to for this graph to display AMP for Networks data.
This graph draws data primarily from the File Events and Malware Events tables.
The Geolocation Information Section
The Geolocation Information section of the Context Explorer contains three interactive donut graphs that display an overall picture of countries with which hosts on your monitored network are exchanging data: unique connections by initiator or responder country, intrusion events by source or destination country, and file events by sending or receiving country.
The Connections by Initiator/Responder Country Graph
The Connections by Initiator/Responder Country graph, in donut form, displays a proportional view of the countries involved in connections on your network as either the initiator (the default) or the responder. The inner ring groups these countries together by continent.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only countries acting as the responder in connections, hover your pointer over the graph, then click Responder on the toggle button that appears. Click Initiator to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Initiator view. |
This graph draws data primarily from the Connection Summary Data table.
The Intrusion Events by Source/Destination Country Graph
The Intrusion Events by Source/Destination Country graph, in donut form, displays a proportional view of the countries involved in intrusion events on your network as either the source of the event (the default) or the destination. The inner ring groups these countries together by continent.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only countries acting as the destinations of intrusion events, hover your pointer over the graph, then click Destination on the toggle button that appears. Click Source to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Source view. |
This graph draws data primarily from the Intrusion Events table.
The File Events by Sending/Receiving Country Graph
The File Events by Sending/Receiving Country graph, in donut form, displays a proportional view of the countries detected in file events on your network as either sending (the default) or receiving files. The inner ring groups these countries together by continent.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to filter or drill down on that information.
Tip |
To constrain the graph so it displays only countries receiving files, hover your pointer over the graph, then click Receiver on the toggle button that appears. Click Sender to return to the default view. Note that navigating away from the Context Explorer also returns the graph to the default Sender view. |
This graph draws data primarily from the File Events table.
The URL Information Section
The URL Information section of the Context Explorer contains three interactive bar graphs that display an overall picture of URLs with which hosts on your monitored network are exchanging data: traffic and unique connections associated with URLs, sorted by individual URL, URL category, and URL reputation. You cannot filter on URL information.
Note |
If you filter on intrusion event information, the entire URL Information Section is hidden. |
Note that you must have a URL Filtering license for this graph to include URL category and reputation data.
The Traffic by URL Graph
The Traffic by URL graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the top 15 most requested URLs on your monitored network. For each URL listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by URL graph is hidden. |
Note that you must have a URL Filtering license for this graph to include URL category and reputation data.
This graph draws data primarily from the Connection Events table.
The Traffic by URL Category Graph
The Traffic by URL Category graph, in bar form, displays counts
of network traffic (in kilobytes per second) and unique connections for the
most requested URL categories (such as
Search Engines
or
Streaming Media
) on
your monitored network. For each URL category listed, blue bars represent
traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by URL Category graph is hidden. |
Note that you must have a URL Filtering license for this graph to include URL category and reputation data.
This graph draws data primarily from the URL Statistics and Connection Events tables.
The Traffic by URL Reputation Graph
The Traffic by URL Reputation graph, in bar form, displays counts of network traffic (in kilobytes per second) and unique connections for the most requested URL reputation groups (such as Well Known or Benign sites with security risks) on your monitored network. For each URL reputation listed, blue bars represent traffic data and red bars represent connection data.
Hover your pointer over any part of the graph to view more detailed information. Click any part of the graph to drill down on that information.
Note |
If you filter on intrusion event information, the Traffic by URL Reputation graph is hidden. |
Note that you must have a URL Filtering license for this graph to include URL category and reputation data.
This graph draws data primarily from the URL Statistics and Connection Events tables.