Observer GigaFlow

Documentation

Events

Located at Dashboards > Events.

From the Dashboards menu, the Events option displays summary information about events and exceptions. See also Dashboards > Server Overview. You can also click the Events item in the main menu to access the same information.

Some things that will trigger an event record include:

  • Attempts to access blacklisted resources.
  • Profile exceptions, i.e. behaviours deviating from norms. These are user-defined at Configuration > Profiling.
  • SYN flood event(s).
  • Lost neighbour(s).
  • New device(s) sending flows.
  • Connected device(s) suddenly not sending flows.

On the Events page, you can see:

  • A timeline of all events in the reporting period; this is the Events Graph. A tabulated version of this information is shown underneath.

Figure: Events Graph

  • Infographic of the number of event types by date and time; this is the Event Types infographic. Circle size indicates the number of events.
  • Infographic of the frequency of occurrence of particular event categories by date and time, i.e. number of times per time interval; this is the Event Categories infographic. Circle size indicates frequency.
  • Infographic of the frequency of an event triggered by a particular source host by date and time; this is the Event Source Host(s) infographic. Circle size indicates frequency.
  • Infographic of the frequency of an event targeted at a particular host by date and time, i.e. number of times per time interval; this is the Event Target Host(s) infographic. Circle size indicates frequency.

Figure: Event Categories infographic

  • Infographic of the frequency with which each infrastructure device was affected by an event by date and time, i.e. number of times per time interval; this is the Infrastructure Devices infographic. Circle size indicates frequency.
  • Infographic of the frequency of an event, i.e. number of times per time interval, by the measure of confidence in its identification (your confidence in the completeness and accuracy of the blacklist that the IP address was found in) and by the severity of the threat to your network infrastructure; this is the Confidence & Severity infographic. Circle size indicates frequency.

Figure: Confidence & Severity infographic

Click once on any legend item to open a detailed report, e.g. detailed reports for each Event Type, Source Host, Infrastructure Device, Event Category and Target Host.