This infographic shows a timeline of the number of events with the profile(s) involved. Circle diameters represent the number of events. The peak number of events in the timeline for each profile are highlighted in red.
This infographic shows a timeline of the number of events along with their estimated severity level(s). Circle diameters represent the number of events. The peak number of events in the timeline for each severity level are highlighted in red.
To access a detailed overview of any flow, click on the adjacent Drill Down icon . This provides a complete overview of that flow, listing:
The source address, a link to search forensics and any associated blacklists.
Source MAC address.
Destination address, a link to search forensics and any associated blacklists.
Destination MAC address.
Appid: the application ID is a unique identifier for each application.
In GigaFlow, Appid is a positive or negative integer value. The way in which the Appid is generated depends on which of the 3 ways the application is defined within the system. Following the hierarchy outlined in Configuration > Profiling -- Apps/Options -- Defined Applications, a negative unique integer value is assigned if (1) the application is associated with a Profile Object or (2) if it is named in the system. If the application is given by its port number only (3), a unique positive integer value is generated that is a function of the lowest port number and the IP protocol.
Application. See Appid, above, and Configuration > Profiling.
Number of packets in flow.
Number of bytes.
Profile, e.g. PCs.
Net device IP address, name and number of flows.
See Glossary for more about flow record fields used by GigaFlow.
See also Search for instructions to access the Graphical Flow Mapping feature.