# Cybermap

The cybermap allows the visualization of the origin of the public IP addresses having communicated on the network.

![Device cybermap](/files/VZhP82ErNLM73NtzgoQz)

{% hint style="danger" %}
**The flows displayed are grouped by public IP address.**\
The volume is therefore the sum total of the incoming and outgoing volume for each flow to this IP address.
{% endhint %}

{% hint style="info" %}
The **View affected endpoints** link allows you to access the [table of endpoints](/control/english/devices/dashboard-dun-appareil/peripheriques.md) with the same date selected in the card selector.
{% endhint %}

### Selector

The selector allows you to change the sorting of the IP addresses and the direction of the flows.

The different sorting of IP addresses are as follows:

* **By threats**: The flows will be sorted by decreasing order of [danger of the threats](/control/english/guides/glossaire.md#dangerousness-of-the-threats) represented by the public IP addresses.
* **By flow volume**: IP addresses will be sorted in descending order of the total volume (sum of incoming and outgoing volume) of flows grouped by public IP address.
* **By flow count**: IP addresses will be sorted by flow count to the public IP address.

The flow direction allows you to filter on **OUT** flows only, **IN** flows only, or both.

The selection of non-open hours only allows you to retrieve only the flows that have transited during the [non-working hours of the device](/control/english/devices/dashboard-dun-appareil/parametres.md).

### Legend

On the map, the [icons of the IP address threats](/control/english/guides/glossaire.md#dangerousness-of-the-threats) are displayed.

If the IP address cannot be represented by an icon, then the flag of the country of origin is displayed.

{% hint style="warning" %}
The location of IP addresses is retrieved from [ipdata](https://ipdata.co/).

**It is possible that the location is only accurate to one country. In this case, the marker will be displayed in the center of the country in question.**
{% endhint %}

If several IP addresses are on the same point on the map, then a flashing cluster with the country flag is displayed. If the cluster contains a qualified threat (e.g. Trojan horse), then the following icon appears:

<div align="center"><img src="/files/JjmzKuVh54762XN39ZUG" alt="Cluster containing multiple threats"></div>

The color of the flows to each IP address is determined by the directions of the flows:

* If the IP address is **toxic and at least one flow is OUT**, then it will be displayed in <mark style="color:red;">**red**</mark>.
* If the IP address is **toxic and all flows are IN**, then it will be displayed in <mark style="color:orange;">**orange**</mark>.
* If the IP address is **not toxic**, then it will be displayed in <mark style="color:green;">**green**</mark>.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.serenicity.fr/control/english/devices/dashboard-dun-appareil/general/cybercarte.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.