The flow table shows each flow returned by the device over a given period.

The columns can be sorted in ascending / descending order by clicking on the column name.

It is possible to apply filters on the results of the table.

The number of lines is limited to 20 per page by default. The pagination is accessible at the bottom right of the table. It shows the current page and the total number of rows found in the database.

Columns

Endpoint

The Endpoint column shows the local IP address of the flow with the custom netbios name associated with the IP address, or the netbios name reported by the log if no custom name has been defined.

Remote IP

The remote IP column displays the public IP address associated with the flow. The indicator underneath shows whether the flow has been considered toxic, and if so, whether it has been filtered or not.

Timestamp

The timestamp displayed is the timestamp of the first flow detected by the device.

The indicator below represents the amplitude of the communication between the endpoint and the remote IP address, i.e. the difference between the time of the first flow and the last flow.

Other columns

The other columns show:

• The volume of the flow (incoming and outgoing)

• The direction of the flow (the color code used for the legend of the cyber map)

• The protocol used

• The port used

Filters

The results of the table can be filtered according to several criteria:

• The endpoint (local IP only, no netbios name)

• The remote IP address

• The protocol

• The port

• The start time

• The end time

• The direction of the flows

• Toxic flows only