Observer GigaFlow


Threat Map

To view a world map overlaid with attack/event trajectories, click on the Threat Map main menu item.

  • Select the report period using the Window pull-down menu, e.g. select 12 hours to view threat data for the past 12 hours.
  • A timeline above the main map displays threats during the report period.
  • Threat trajectories are displayed on the main map in the centre of the screen.

Figure: The main threat map visualization

Alongside the map, you will see the expandable tables:

  • Threat Src Locations: a list of the countries where the threats originate.
  • Event IP Sources: a list of the IPs associated with the threats.
  • Event Types: a list of the types of threat identified.
  • Event Categories: a list of the threat categories.
  • Event Devices: a list of your infrastructure devices involved in the threat.
  • Threat Dest Locations: a list of the countries where devices affected by the threats reside.
  • Event IP Dests: a list of the IP addresses affected by the threats, i.e. where the data went.

Most items in the side tables can be examined in isolation, i.e. Event IP Sources, Event Types, Event Categories, Event Devices and Event IP Dests.

  • To focus on a single event IP source, click on the relevant IP and the page will display information related only to that IP.

The main table below the map displays a complete summary of the threats mapped with time. In addition to the information presented in the side tables, the main table includes:

  • The protocol/application involved.
  • The byte-size of the threat event.
  • The number of packets involved in the threat event.