After successfully logging in to the cognitix Threat Defender, you see the Analytics dashboard.


Three dashboards quickly provide an overview of what’s going on in the network. The dashboards cover Network Intelligence, Assets and Policy information.


Main Features

  • More than 600 reporting combinations, graphs and matrixes are available.
  • From any dashboard, you can drill down deeper into the traffic details.
  • When you position the mouse over a chart, the chart pauses, giving you time to analyze it.
  • Almost all available charts are clickable and take you one level deeper into the analysis.
  • Most of the analysis results are deep links, i.e. you can store a link in your browser or share the link.
  • If a protocol can be subdivided into applications (e.g. YouTube SSL, Facebook SSL, etc.), the results are shown in a more detailed view.


Network

Navigate to Analytics > Network to see information related to the behavior of the network. This dashboard displays the total traffic distribution by protocols and applications, destination layer 4 information, source and destination IP addresses and countries, and interfaces.

From here, you can drill down into deeper reporting levels to further analyze the network traffic. For example, you can check which source or destination IP consumes the most bandwidth.


Assets

Navigate to Analytics > Assets to see information related to asset and user behavior in the network. This dashboard displays the total traffic distribution by source and destination assets and which assets talk to each other. It also shows the traffic distribution by users, users who generate the most traffic, users who triggered threat intelligence incidents, and the traffic distribution by URLs.

From here, you can drill down into deeper reporting levels to begin a more detailed analysis of asset and user behavior in the network.


Policy

Navigate to Analytics > Policy to see information related to the network policy. This dashboard displays which policy rules were hit, the number of times Threat Defender performed the drop and reject traffic actions of a policy on the network traffic, and the logged severities.

From here, you can begin a deeper analysis of the network traffic.


Analysis Tailored to Your Needs

cognitix Threat Defender provides more than 600 reporting combinations, graphs and matrixes for your analyses. This includes the following available options, among others:


Time Resolutions

  • Minute (1 second resolution)
  • Hour (1 minute resolution)
  • Day (15 minute resolution)
  • Week (3 hour resolution)
  • Month (6 hour resolution)


Time Charts

  • Line chart
  • Area chart
  • Bar chart
  • Column chart
  • Stacked column chart


Quantity Charts

  • Pie chart
  • Bubble chart
  • Word cloud
  • Donut chart
  • Sankey chart
  • Chord chart


Traffic Resolution

  • Bits/second
  • Bits Rx/second
  • Bits Tx/second
  • Packets/second
  • Packets Rx/second
  • Packets Tx/second
  • Bits and packets per interface



Tips

  • If you use a private IP range, the source and destination countries are shown as "Unknown Or Invalid Territory".
  • The source and destination countries are based on "GeoIP" values and depend on more values than simple WhoIs data. For more details, see IP address location.