After successfully logging in to the cognitix Threat Defender, you reach the Analytics dashboard.


Using four predefined dashboards, you quickly get an overview of what’s going on in the network. The dashboards cover Network Intelligence, User Intelligence, Security Intelligence and a System Dashboard overview.


Main Features

  • More than 600 reporting combinations, graphs and matrixes are available.

  • From any dashboard, you can drill down into the depth of each category.
  • When you position the mouse over a chart element, it shows the top 5 (or top 10 if you like) entries for this element.
  • Almost all available charts are clickable and take you one level deeper into the analysis.
  • Each detail page contains a time-based line chart, a quantity-based pie chart and a searchable table with individual values.
  • Most of the analysis results are deep links, i.e. you can store a link in your browser or share the link.
  • If a protocol can be subdivided into applications (e.g. YouTube SSL, Facebook SSL, etc.), the results are shown in a more detailed view.



Network Intelligence

Navigate to Analytics > Network Intelligence to see information related to the behavior of network devices. This dashboard displays the total traffic distribution by source and destination IP and MAC addresses as well as interfaces. This allows you to check which source or destination IP consumes the most bandwidth, for example. From here, you can further analyze the individual IP and MAC addresses and look up geolocation information for IP addresses.


User Intelligence

Navigate to Analytics > User Intelligence to see information related to user behavior in the network. This dashboard displays the total traffic distribution by applications/protocols, URLs and URL categories as well as by destination countries. From here, you can begin a deeper analysis starting with source and destination IP and MAC addresses as well as destination countries.


Security Intelligence

Navigate to Analytics > Security Intelligence to see information related to the policy. This dashboard displays the total traffic distribution by policy rules, IPS rules, and URL reputations. From here, you can begin a deeper analysis starting with source and destination IP and MAC addresses as well as destination countries.


System

The System Dashboard shows the relevant hardware values (CPU usage, memory usage, number of flow table entries, core temperatures, disk usage, disk input/output), provided the operating system can read them.



Analysis Tailored to Your Needs

As described above, you can perform your analysis using more than 600 reporting combinations, graphs and matrixes. The available options include, for example, the following.


Time Resolutions

  • Minute (1 second resolution)
  • Hour (1 minute resolution)
  • Day (15 minute resolution)
  • Week (3 hour resolution)
  • Month (6 hour resolution)


Time Charts

  • Line chart
  • Area chart
  • Bar chart
  • Column chart
  • Stacked column chart


Quantity Charts

  • Pie chart
  • Bubble chart
  • Word cloud


Traffic Resolution for Interfaces

  • Bits per interface/second
  • Bits per interface Rx/second
  • Bits per interface Tx/second
  • Packets per interface/second
  • Packets per interface Rx/second
  • Packets per interface Tx/second



Hints

  • If you use a private IP range, the "Destination Country" is shown as "Unknown Or Invalid Territory".
  • The "Destination Country" is based on "GeoIP" values and depends on more values than simple WhoIs data.
    For more details, see IP address location.