Flow
Dernière mise à jour
Cet article vous a-t-il été utile ?
Dernière mise à jour
Cet article vous a-t-il été utile ?
The flow table shows each flow returned by the device over a given period.
The columns can be sorted in ascending / descending order by clicking on the column name.
It is possible to apply filters on the results of the table.
The number of lines is limited to 20 per page by default. The pagination is accessible at the bottom right of the table. It shows the current page and the total number of rows found in the database.
The Endpoint column shows the local IP address of the flow with the custom netbios name associated with the IP address, or the netbios name reported by the log if no custom name has been defined.
The remote IP column displays the public IP address associated with the flow. The indicator underneath shows whether the flow has been considered toxic, and if so, whether it has been filtered or not.
The timestamp displayed is the timestamp of the first flow detected by the device.
The indicator below represents the amplitude of the communication between the endpoint and the remote IP address, i.e. the difference between the time of the first flow and the last flow.
The other columns show:
The volume of the flow (incoming and outgoing)
The direction of the flow (the color code used for the legend of the cyber map)
The protocol used
The port used
The results of the table can be filtered according to several criteria:
The endpoint (local IP only, no netbios name)
The remote IP address
The protocol
The port
The start time
The end time
The direction of the flows
Toxic flows only