Cybermap

The cybermap allows the visualization of the origin of the public IP addresses having communicated on the network.

Device cybermap

The View affected endpoints link allows you to access the table of endpoints with the same date selected in the card selector.

Selector

The selector allows you to change the sorting of the IP addresses and the direction of the flows.

The different sorting of IP addresses are as follows:

  • By threats: The flows will be sorted by decreasing order of danger of the threats represented by the public IP addresses.

  • By flow volume: IP addresses will be sorted in descending order of the total volume (sum of incoming and outgoing volume) of flows grouped by public IP address.

  • By flow count: IP addresses will be sorted by flow count to the public IP address.

The flow direction allows you to filter on OUT flows only, IN flows only, or both.

The selection of non-open hours only allows you to retrieve only the flows that have transited during the non-working hours of the device.

Legend

On the map, the icons of the IP address threats are displayed.

If the IP address cannot be represented by an icon, then the flag of the country of origin is displayed.

If several IP addresses are on the same point on the map, then a flashing cluster with the country flag is displayed. If the cluster contains a qualified threat (e.g. Trojan horse), then the following icon appears:

Cluster containing multiple threats

The color of the flows to each IP address is determined by the directions of the flows:

  • If the IP address is toxic and at least one flow is OUT, then it will be displayed in red.

  • If the IP address is toxic and all flows are IN, then it will be displayed in orange.

  • If the IP address is not toxic, then it will be displayed in green.

Dernière mise à jour

Cet article vous a-t-il été utile ?