8.5 Network Monitoring – Dashboards and Reports

Select Reports > Portal > Repository > Standard Content > Foundation.

The traffic exchanged between devices and servers tells you a lot about your network. By monitoring network traffic, you can identify cyber attacks and network events that could affect your enterprise. For example, malicious users might find a way to intercept communications to mount a man-in-the-middle attack, or change the configuration of devices to gain unauthorized access. In both cases, the attack is the beginning of further intrusions. Also, a system infected by malware can be instructed to generate a large volume of domain lookups, thus causing increased traffic.

To monitor network activity, use the following dashboards and reports:

Attacks and Suspicious Activity Overview

Provides charts and a table to help you identify the top attackers, targets, and events over time.

This dashboard is also available in the Insufficient Logging and Monitoring category of the OWASP reports.

DGA Overview

Provides charts and a table to help you watch for domain generation algorithms (DGAs). You can identify the IP addresses generating the most DGA domains or the unique domains that the largest number of hosts attempt to connect with. You can also check for the hosts that are transmitting the largest amount of data.
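The two views on the DGA Overview dashboard (hosts generating the most DGA domains, and the domains contacted by the most hosts) are simple aggregations over DNS query events. The script below is an added example, not part of the product's content: it takes constructed DNS events, applies an assumed entropy-based heuristic to label a queried name as DGA-like, and computes both top lists.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed sample DNS query events as (source host, queried domain).
# The random-looking names are invented for the example, not real indicators.
SAMPLE_EVENTS = [
    ("10.0.0.5", "xkq7v2pz9lm.com"),
    ("10.0.0.5", "r3tb8zqw1ah.net"),
    ("10.0.0.5", "example.com"),
    ("10.0.0.7", "xkq7v2pz9lm.com"),
    ("10.0.0.7", "mail.example.org"),
    ("10.0.0.9", "xkq7v2pz9lm.com"),
    ("10.0.0.9", "p0qv7lz2tmw.org"),
]


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character in a DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * log2(c / n) for c in counts.values())


def looks_like_dga(domain: str, min_entropy: float = 3.0, min_len: int = 10) -> bool:
    """Assumed heuristic: a long, high-entropy second-level label is DGA-like.
    A real SIEM feed would carry the classifier's verdict with the event."""
    labels = domain.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return False
    sld = labels[-2]  # label left of the TLD, subdomains ignored
    return len(sld) >= min_len and shannon_entropy(sld) >= min_entropy


def summarize(events, top_n: int = 3):
    """Return (hosts by DGA-domain count, domains by distinct-host count),
    each sorted by count descending then name, limited to top_n."""
    dga_domains_by_host = defaultdict(set)
    hosts_by_domain = defaultdict(set)
    for host, domain in events:
        if looks_like_dga(domain):
            dga_domains_by_host[host].add(domain)
            hosts_by_domain[domain].add(host)
    top_hosts = sorted(((h, len(d)) for h, d in dga_domains_by_host.items()),
                       key=lambda x: (-x[1], x[0]))[:top_n]
    top_domains = sorted(((d, len(h)) for d, h in hosts_by_domain.items()),
                         key=lambda x: (-x[1], x[0]))[:top_n]
    return top_hosts, top_domains


if __name__ == "__main__":
    hosts, domains = summarize(SAMPLE_EVENTS)
    print("Top hosts by DGA domains:", hosts)
    print("Domains reached by most hosts:", domains)
```

A domain that many hosts resolve in common (here the first entry of the second list) is the pattern worth prioritising, since it points to shared command-and-control infrastructure rather than one noisy machine.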

DoS Activity

Provides charts and a table for you to identify denial-of-service events. You can view the number of events per day, as well as the top source and destination addresses.

This dashboard is also available in the Denial of Service category of the Cloud reports.

Email Attacks

Provides charts and a table that describe the email attacks detected in your enterprise. You can view the top events or target users, as well as the destination and source addresses.

Exploit Attempts Detected by IDS

Shows the top 10 exploit attempts reported by the intrusion detection systems (IDS) in your enterprise. In the table, you can sort the events by count or severity.

IDS Events

Provides a chart and table showing all events reported by the IDSs in your enterprise.

Man in the Middle Attacks

Provides charts and a table to help you catch potential man-in-the-middle (MitM) attacks. You can view events over time, by source and destination address including MAC addresses, and the top MitM events.

During a MitM attack, the malicious user intercepts communications between two parties either to secretly eavesdrop or modify traffic traveling between the two.

Network Device Configuration Changes

Reports the top 10 devices whose configurations have changed, as well as the top 10 events causing configuration changes.

Reconnaissance Activity

Provides charts and a table to help you watch for active reconnaissance attacks. You can identify the top sources of recon activity, as well as the primary destinations for these attacks. Review the pie charts to identify the main types of events and affected zones.

Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. Malicious users might use tools like ping or traceroute to perform recon through automated scanning or manual testing.

Traffic Anomaly Overview

Provides charts to help you identify anomalies in network traffic. You can view the top source and destination addresses, events, and activity over time.

VPN Activities Overview

Provides charts and a table for you to monitor VPN activity, such as the top users who access the VPN. You can view the VPN activities per day, as well as review the top source and destination addresses.