Observer GigaFlow Documentation

Overview

Search Scope

The system search is at the top of every GigaFlow page; it is a powerful and convenient way to access information directly, returning relevant matches and detailed summary information.

The left-hand side of the search results screen displays summary information about the IP address you searched for, including:

  • Infrastructure device(s) that this IP address was seen on.
  • More information about the associated device.
  • Associated interfaces.
  • Detail about the IP address.
  • Associated traffic groups.
  • Associated ARP entries.
  • Associated LLDP entries.
  • Associated events, e.g. watchlist or profile alerts.

The Treeview, a kind of graphical flow mapping, loads automatically on the right-hand side of the search results screen. It is a visual representation of the inbound and outbound traffic associated with a selected device.

See Search > Graphical Flow Mapping for more.

Searching by IP Address

  • Enter an IP address in the Search box.
  • Click Go.
  • Select a reporting period and click Submit.

Figure: GigaFlow's search bar and results screen. In this screenshot, the user is searching for an IP address, 172.21.21.254.

Scrolling down reveals additional results:

The tabbed box on the left displays search results for that IP address, including any infrastructure device that it is associated with, the number of interfaces it was recently seen on, IP entry details, ARP entries and the number of secflow events associated with it.

Each item can be clicked to display more information and follow-on searches can be carried out for linked information, e.g. for associated MAC addresses.

Searching by MAC Address

GigaFlow can search by MAC address. This returns the name of the connected device and its VLAN.

To search by MAC address:

  • Enter the entire MAC address into the search box.
  • GigaFlow's MAC address search works for any standard MAC address format.

After you search for the MAC address, a number of key pieces of information are displayed, including:

  • IP address.
  • Host name.
  • MAC vendor.
  • Layer-3 devices, interfaces or interface tools.

From here, some of the other actions you can take include:

  • Click the interface displayed in the left-hand dialog box to access more information about the physical interface the device is connected to. The interface with the lowest MAC count is the connected interface.
  • Click Live View on the right to display the live inbound and outbound utilisation of the interface.
  • Live View also provides speed, duplex and error count information for the interface.
  • Click on Connections to see what other devices are connected to the same port.
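
The rule in the first bullet above (the interface with the lowest MAC count is the connected interface) can be reproduced outside the UI, for example when checking a switch forwarding-table export by hand. This is an added example, not GigaFlow code: the function names, device names and table rows are constructed, and the accepted MAC notations (colon, hyphen, dotted and bare hex) are an assumption about what "standard format" covers.

```python
import re
from collections import defaultdict


def normalize_mac(text):
    """Reduce colon, hyphen, dotted or bare-hex notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        # The whole address is required; partial MACs are rejected.
        raise ValueError(f"not a full MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def connected_interface(fdb_rows, mac):
    """Return (device, interface, mac_count) for the port the MAC is attached to.

    fdb_rows: iterable of (device, interface, mac) forwarding-table entries.
    Uplinks and trunks learn many MACs while an access port learns few, so
    among the interfaces that saw the target, the lowest MAC count wins.
    Ties are broken by device and interface name to keep the result stable.
    """
    target = normalize_mac(mac)
    macs_on = defaultdict(set)
    for device, interface, seen in fdb_rows:
        macs_on[(device, interface)].add(normalize_mac(seen))
    candidates = [(len(macs), dev, ifc)
                  for (dev, ifc), macs in macs_on.items() if target in macs]
    if not candidates:
        return None  # MAC not present in any forwarding table
    count, dev, ifc = min(candidates)
    return dev, ifc, count


# Constructed sample rows: one host on an access port, seen again on the
# core switch's downlink together with two other hosts.
SAMPLE_FDB = [
    ("sw-access-1", "Gi0/3", "00:11:22:33:44:55"),
    ("sw-access-1", "Gi0/4", "00-11-22-33-44-66"),
    ("sw-access-1", "Gi0/5", "0011.2233.4477"),
    ("sw-core-1", "Te1/1", "001122334455"),
    ("sw-core-1", "Te1/1", "00:11:22:33:44:66"),
    ("sw-core-1", "Te1/1", "00:11:22:33:44:77"),
]

if __name__ == "__main__":
    print(connected_interface(SAMPLE_FDB, "0011.2233.4455"))
```
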

Searching by Username

To search by username:

  • Enter a username, or part of a username, into the search box.
  • GigaFlow will tell you if that username, or any variation of it, has been seen on your network.
  • Click on any of the search results to display its associated information in the right-hand side panel.

Searching for a Specific Network Switch

To search for a specific network switch:

  • Enter the switch IP address into the search box.
  • Click to expand the Device information, then click See all connections.
  • The Device Connections table shows connections to any one port on any one VLAN.
  • You can filter information by entering an interface, device, etc. into the search bar at the top-right of the table.

To make a follow-on search from a specific device or switch:

  • Using switches from previously displayed tables, you can search for any switches of similar origin, e.g. those containing the prefix PATS-3560.
  • Click on the desired switch; this reopens the Device Connections table.
  • You can also search by VLAN.