SonicWall Analytics
Administration
Contents
About Analytics (p. 4)
  About Analytics (p. 4)
  Using On-Premises Analytics (p. 4)
  Using Analytics with CSC-MA (p. 5)
  Navigation (p. 5)
    Device Manager (p. 6)
    Command Menu (p. 6)
    Work Space (p. 6)
  Notification Center (p. 7)
  Accessing ANALYTICS (p. 8)
  Related Documents (p. 9)
Overview (p. 10)
  Status (p. 10)
    Acquisition History (p. 10)
    Firewall (p. 11)
    Flow Management (p. 11)
    Flow Details (p. 12)
    Firmware Details (p. 12)
    Synchronize with MySonicWall.com (p. 12)
    End User License Agreement (p. 13)
  Device List (p. 13)
    Devices (p. 13)
    Map Locations (p. 14)
  Network Topology (p. 15)
Using Analytics (p. 18)
  Navigating IPFIX-Based Analytics (p. 18)
  Groups (p. 19)
    Using the Groups Tabs (p. 19)
    Using Other Filtering and Sorting Options (p. 20)
    Using the Data Management Icons (p. 20)
    Using the Groups Summaries (p. 21)
    Using the Table (p. 21)
  Graphs (p. 22)
    Using the Graphs Tabs (p. 22)
    Using Graphs Filtering and Sorting Options (p. 23)
    Using the Graph Management Icons (p. 24)
    Using the Graphs Summary (p. 25)
    Using the Graphs (p. 25)
  Session Logs (p. 27)
    Using Filtering and Sorting Options for Session Logs (p. 28)
    Using the Session Logs Display Options (p. 28)
    Using the Session Log Summary (p. 29)
    Using the Session Logs (p. 29)
SonicWall Support (p. 31)
About This Document (p. 32)
ANALYTICS Administration
Contents
2
1 About Analytics
SonicWall® Analytics extends security event analysis and reporting by providing real-time visualization,
monitoring and alerts based on correlated security data.
NOTE: The Syslog-based implementation of On-Premises Analytics does not include an ANALYTICS view.
Key Syslog-based information is provided in the REPORTS view. For more information, refer to Analytics
REPORTS Administration for Syslog Solution.
Topics:
• About Analytics
• Navigation
• Notification Center
• Accessing ANALYTICS
• Related Documents
About Analytics
With On-Premises Analytics, you can perform flexible drill-down and analysis and gain insight into your network,
user access, connectivity, application use, threat profiles and other firewall-related data. It provides the
following key features:
• Data collection that includes normalizing, correlating, and contextualizing the data to the environment
• Streaming analytics in real time
• Analytics including activity trends and connections across the entire network
• Real-time dynamic visualization of the security data from a single point
• Real-time detection and remediation
SonicWall On-Premises Analytics is designed for customers requiring long-term storage of firewall logs and
supports all SonicWall firewalls. It also supports integration with Capture Security Center-Management,
Reporting, and Analytics (CSC-MA).
For firewalls not under management, you can do reporting and analysis using On-Premises Analytics. It can be
deployed as a virtual machine using OVA on VMware ESXi. Refer to the On-Premises Analytics ESXi Deployment
Guide which can be found at the Technical Documentation portal.
Using On-Premises Analytics
SonicWall Analytics can be used as a standalone on-premises solution that collects and stores flow and log data
from firewalls for data analytics and reporting.
NOTE: In this kind of deployment, you do not have firewall management capabilities.
Using Analytics with CSC-MA
SonicWall Analytics can be used in conjunction with CSC. This allows users to manage firewalls from CSC and
also view reporting and analytics data in CSC from On-Premises Analytics while storing data locally.
When you click on a firewall whose data is stored in Analytics, CSC-MA fetches the data from On-Premises
Analytics and displays it in CSC. The data is compressed and encrypted in transit between the two systems.
Navigation
The interface for Analytics varies because of the different configurations and types of reporting that can be
selected. The images provided do not match every implementation, but should be viewed as an example that
you can use as a guide while moving through the interface. Major differences are noted when needed to avoid
confusion.
When you first open the HOME view, the interface shows three work areas: the Device Manager, the Command
Menu and the Work Space.
(Figure: the HOME view with the Device Manager, Command Menu and Work Space areas labeled.)
Topics:
• Device Manager
• Command Menu
• Work Space
Device Manager
In the DEVICE MANAGER, you can group the devices in your security infrastructure using the pre-defined views.
Under each view you see a summary of all of the devices that are being managed in your security infrastructure.
The appliances are listed in alphabetical order. You can change the view; the additional views include:
• GlobalView
• FirmwareView
• ModelView
In FirmwareView and ModelView, the devices are grouped by firmware version and model number, respectively.
Refer to Device Manager for more information.
Command Menu
The command menu is located directly under the SonicWall logo. You can manage your devices using these
commands. The commands are grouped under similar functions. Click on the command to expand it and see the
options. For example, Status, Dashboard, and Live Monitor are grouped under Overview for IPFIX-based
reporting. If you select a different view from the top of the work area, different menu items are shown.
Work Space
The work space is where all the data is displayed. This is where you monitor status, see reports, set schedules,
drill down for data and so forth. Similar tasks are grouped under the views identified by the icons across the top
navigation of the work space. The options may vary according to your configuration. The following figures show
two sample implementations, along with a description of the views.
(Figures: top navigation for Syslog-based On-Premises Analytics, and top navigation for Analytics in CSC-MA.)
HOME: The default view when you log in with most implementations. Navigate here to view general data such as
status, the Dashboard, and summary reports.
NOTE: Syslog-based On-Premises Analytics does not have the HOME view.
MANAGE: When Analytics is licensed with a firewall management system, this view takes you to the commands for
managing your firewalls.
REPORTS: Various reports, including live reports when available, are shown and scheduled in this view.
ANALYTICS: Available for IPFIX-based Analytics. Navigate here to see details and perform a deep dive on the
information.
NOTIFICATIONS: Shows the status of your network system, allows you to set rules and configure settings, and
shows the history of the rules.
NOTE: This view is available only with IPFIX-based Analytics.
CONSOLE: Provides access to the CONSOLE (also labeled the Application Configuration Panel on the interface),
where you can view logs, manage your appliance and perform other tasks.
At the upper right corner of the work space, additional icons provide information and facilitate your work.
Appliance text box: Indicates the type of device being monitored.
System Status icons: Provides system status. Click the individual icons for more detail.
• CPU/Processor
• Memory/RAM
• Storage/Disk
• Estimated Capacity (shown for On-Premises Analytics implementations)
Alerts and Notifications icon: Opens the Alerts and Notifications Center. (Refer to Notification Center for more
information.)
NOTE: This is only available with IPFIX-based Analytics operating in a cloud environment.
Online Help: Accesses the online help and the Analytics API.
User ID: Indicates the user and the version of the product, and allows you to log out of the application.
Notification Center
NOTE: The Notification Center is only available with IPFIX-based Analytics operating in a cloud
environment.
The Notification Center provides an overview of the status and activities being monitored and recorded by
Analytics. It displays all alerts, network usage, threats, web activities, and geographic locations. Each tile
shows how many unread alerts are in that particular category.
ALL: Shows all alerts for all the categories.
NETWORK USAGE: Shows the alerts generated specifically by network usage.
THREATS: Shows the alerts generated by threats such as botnet, virus, intrusion, spyware, and so forth.
WEB ACTIVITIES: Shows alerts generated by websites and web categories.
In the search bar, you can search by firewall name, alert name, message or details.
To mark a single alert as read, click on the alert to acknowledge it. Click the white checkmark to mark all alerts in
that view as having been read.
To delete a single alert, click the X on that alert. Click the trash icon at the top right to delete all the alerts in
the view.
Accessing ANALYTICS
You would typically access On-Premises Analytics through the CSC portal.
To access On-Premises Analytics:
1 Log in to your Capture Security Center (CSC) portal with your MySonicWall username and password.
2 If you access Analytics through CSC-MA:
a Log in with your MySonicWall credentials.
b Choose a tenant or group.
c Select the ANALYTICS tile.
d Go to ANALYTICS in the top navigation menu.
(Figures: Analytics 2.5 Flow View at the unit level and at the global level.)
IMPORTANT: Zero Touch is not supported with CSC-MA when implemented with on-premises Analytics.
NOTE: The sub-commands available in the Overview command vary according to the type of view you
selected in the Device Manager. For example, when using the global view flow Analytics, you can select
the Devices option. When using the unit view for a specific firewall, you can select the Status or Network
Topology options instead.
Related Documents
The following documents provide additional information about Analytics or related firewall management
applications:
• Analytics HOME Administration
• Analytics REPORTS Administration
• Analytics NOTIFICATIONS Administration
• Analytics CONSOLE Administration Guide
2 Overview
• Status
• Device List
• Network Topology
Status
The system goes through a series of steps when acquiring a firewall, and these steps can be monitored on the
Overview > Status page, whether you use Zero Touch Deployment or manually bring it under management. The
unit must first be plugged in for power and wired to both LAN and WAN for the device to be detected.
The Status page shows different things depending upon whether you have firewall management with Analytics
or on-premises Analytics, the Syslog-based option or IPFIX-based option. The interface shows which options are
applicable to your implementation.
NOTE: You need to license Analytics to get access to these options. If you licensed Reporting, you only
have access to the Home and REPORTS views. Contact your sales representative if you have questions
about your product licensing.
The information on the Status pages is broken into the following:
• Acquisition History
• Firewall
• Flow Management
• Flow Details
• Firmware Details
• Synchronize with MySonicWall.com
• End User License Agreement
Acquisition History
The steps taken while a unit is being acquired are tracked in the Acquisition History section of the Status page. As
each stage is completed, success is indicated by a green check mark inside a small green box along with a
message indicating status. If you want more information about each stage, you can expand it by clicking on the
right arrow. More messages and status are displayed.
If an error occurs, or if a process seems to be taking too long, you can use the information from the expanded
options to determine where to begin your troubleshooting. When the acquisition completes successfully, green
check marks are shown for every stage.
NOTE: Acquisition History is not shown for on-premises Analytics.
Firewall
The Firewall section of the Status page shows the data for the selected firewall.
A green up arrow indicates that IPFIX packets are being received from the firewall. If the acquisition has not
completed successfully, the status shows a red down arrow, indicating that the firewall is not online or that
there is some kind of error. You can use the messages from the page to help diagnose what the issue might be.
Flow Management
The Flow Management section of the Status page, for Analytics 2.5 flow-based reporting at the unit level,
shows statistics about the flow agent you set up on this device.
The green arrow symbol means that the VPN tunnel was successfully established.
Flow Details
The Flow Details section of the Status page, for Analytics 2.5 flow-based and Syslog-based reporting at the global
level, shows statistics about data storage, disk size per the licenses issued, and available (mounted) disk sizes.
Firmware Details
The Firmware Details section is visible in the global view. It shows how many firewalls are licensed for
Reporting and Analytics.
Synchronize with MySonicWall.com
SonicWall appliances check their licenses/subscriptions with MySonicWall once every 24 hours. You can
manually synchronize with MySonicWall by clicking on the Synchronize with MySonicWall.com button if you
want to synchronize immediately.
End User License Agreement
The End User License Agreement button at the bottom of the Status page provides the SonicWall End User
General Product Agreement, SonicWall Service Terms for Capture Security Center (Hosted Offering), and the
End User License Agreement for SonicWall NSv. Click the button to learn more about end user product
agreements and legal resources.
Device List
On an implementation that integrates CSC-MA with Analytics, the Device List option is available when the
GroupView or GlobalView is selected in the DEVICE MANAGER. It has two tabs, Devices and Map Locations:
Devices
The following images show you the Device List for the group or global view you selected when in CSC-MA. The
firewalls or virtual units that make up that view are listed in the table on the default view, which is the Devices
tab. A summary showing the status of the devices in the group is shown at the top of the table. You can also
search for a specific device to display, refresh the display or customize the table by using the search field and
icons above the table.
Map Locations
By selecting the Map Locations tab, you can see how the devices are distributed over a world map.
Network Topology
The Network Topology page provides a visual representation of your network. The following shows a small
network configuration. Larger, more complex configurations can also be easily represented.
By clicking on a node in the configuration, you get the details for that node. Depending on the node type, the
details might include IP address, MAC address and status. Other node types may include the name and links to
options in other views, like the Dashboard, for example. Click away from the pop-up window to hide the details.
Some nodes have a red number associated with them. That indicates the number of devices attached to that
node, including itself. Double-click on the node to view a device list.
The icons at the top right corner of the Network Topology page provide the following options:
Export/Download Options: Click to generate a PDF file of the network topology and the details for each node.
Refresh: Click to refresh data on the page.
Additional Options: Click to see a list of additional options. These include Page Tips, Go To Schedules, and Go
to Archives.
• Page Tips provides information on how to use this page.
• Go To Schedules is a link to Reports | Scheduled Reports > Schedules.
• Go to Archives is a link to Reports | Scheduled Reports > Archive.
The icons to the left of the network graphic can be used to manipulate the view of the data.
Reset: Click to center the topology graph when you are done moving things around.
Selection Mode: Choose Select mode or Drag mode. You can select or drag any of the nodes in the topology
diagram.
Zoom: Use the slider to zoom in or out of the topology diagram. You can also use the mouse wheel; each click of
the wheel represents a 10% change in zoom factor.
For some nodes displayed on the topology map, you can drill down to get more information. Once the node is
highlighted, you can right-click on your mouse to see a list of options associated with that particular kind of
node. As shown in the following examples, you can choose to drill down on all traffic, web activities, blocked
issues or threats for an end user system. For a firewall, you see a different set of options that are links to
different reports available on the other views.
3 Using Analytics
This section describes the kinds of data displayed when using IPFIX-based Analytics. It discusses how the data is
structured and presented, but the most effective way to learn how to use Analytics is to click on the options and
see what they show you for your network infrastructure. The following information is a reference to get you
started.
Topics:
• Navigating IPFIX-Based Analytics
• Groups
• Graphs
• Session Logs
Navigating IPFIX-Based Analytics
Analytics has the most value when trying to get specific detail on a situation or when trying to diagnose an
issue. Typically, you see something unusual in your environment which triggers the need to investigate. For
example, you may be monitoring your network through the Dashboard, and you see something that is behaving
differently than you expect.
In your first attempt at a drill down, you may be taken to the Reports view of the tool to see details behind the
deviation. For example, you might notice on the Attacks page that the number of attempts is higher than usual.
Going to the Intrusions reports you can see more information about the intrusions detected, blocked, and other
relevant data.
Continuing the example above, click on the number of connections for a particular intrusion and see the Session
Logs for Threats. (Intrusions are one kind of threat.) Drilling down on other types of information may take you to
other Analytics options.
The Analytics view is divided into the following menu options for flow-based reports:
• Overview provides Status information and the Network Topology map of your network infrastructure. If
using a global or group view, the Device List may also appear as an option. Each of these options is
described in more detail in Overview.
• All Traffic provides the Groups, Graphs, and Session Logs for all the traffic moving through your network
infrastructure.
• Web Activities, Blocked, and Threats each provide the Groups, Graphs, and Session Logs for that category of
traffic. Each of these is a subset of All Traffic.
Since every environment is different—with different configuration, different filters and so forth—each
administrator may use Analytics somewhat differently. You can get to specific information in different ways,
depending on what drill-down methods you use. For each of the traffic options—All Traffic, Web Activities,
Blocked and Threats—the same three views of the data are presented. Regardless of the traffic type, navigation
within each of these views is similar and described in the following sections:
• Groups
• Graphs
• Session Logs
Groups
The Groups option under each type of traffic provides detailed data in table form. You can sort, filter, and take
action on this data in a number of ways.
Using the Groups Tabs
On all of the Group options you can use the tabs across the top to narrow the traffic to specific categories.
Applications: Sorts all traffic by the applications using the network. When the icon for that application is
available, it is also displayed.
Web Activities: Categorizes the traffic by web category. When available, you can see details by clicking on the
category.
Users: Provides data as it relates to the users connected to the system. You can track user-level transactions and
activities by filtering on several different options.
Sources: Lists the IP addresses for the source of the traffic.
Destinations: Lists the IP addresses for the destination of the traffic.
Threats: Sorts all the threats by type: intrusion, virus, or spyware. Click on the INTRUSION name to see more
details when available.
Devices: Select the Group by option from the drop-down list to show the device name, interface, or IP address of
the devices the traffic is being routed through. Click on the link to see more details when available.
BWM: Select the Group by option from the drop-down list to categorize the bandwidth priority queues. Choose
Inbound, Outbound or All.
Blocked: Shows the threats that have been blocked.
Using Other Filtering and Sorting Options
Many of the options under the tabs are used to further filter or sort the data in the table.
Filter: You have two ways to filter the data in the table. You can click the Filter icon at the top of the table to
select filter options from the drop-down list. Alternatively, you can click the Filter icon embedded in the table
that appears when you highlight an item; that item is then added to the filter. You can add multiple items to
create more layers of filtering. When the filter is built, click the Refresh button to apply it. Click the Save icon
in the gray bar to save the filter for later use, or click the Clear all Filters icon to remove them all. You may
need to refresh the data when filters are cleared.
Search: Click on the Search icon and enter the search string in the field provided. When you press Enter, the
table data is filtered on the search string.
NOTE: The characters in the search string are case sensitive.
Time interval: Slide the node left and right to set a pre-defined interval for the table. The intervals range from
60 seconds to 90 days.
Custom: Select Custom to set a user-defined report interval. A calendar pops up where you can select a date and
time range or choose a specific day to display.
Group by: Click on the Group by drop-down menu to apply more filtering to the table. Different options are
available for different tabs.
Using the Data Management Icons
Several icons appear in the upper right corner above the data table. These icons can be used to manage the
appearance of the table, manage the data in the table, or go to other options.
Export/Download options: Click the Export/Download options icon to generate reports from the displayed data:
• Generate Flow Report PDF
• Download Capture Threat Assessment
• Export Grid Data as CSV
Refresh: Click Refresh to refresh the data in the table.
Show/Hide: Click the Show/Hide icon to customize the columns displayed in the table. In the drop-down list,
check the box to select the data you want displayed. Uncheck the box if you want to remove the data from the
table.
NOTE: Some columns are fixed and cannot be removed from the table. Others are selectable.
Options: Click the Options icon for the following:
• Page Tips
• Go to Schedules (REPORTS | Scheduled Reports > Schedules)
• Go to Archives (REPORTS | Scheduled Reports > Archive)
Using the Groups Summaries
The Groups option provides two summaries at the bottom of the table.
(Figures: the Table Summary and Flows Summary bars.)
The Table Summary tells you how many items appear in the table and how many sessions are tied to those
items. It also tells the total size of all the packets, the total number of bytes, and the total number of threats.
The Flows Summary is active when you open the page or when you refresh the data on the page. It shows you
the progress of the flows being scanned and provides other details like how many groups are made and how
many flows are being scanned.
NOTE: It may take some time to process all the flows or sessions. While the operation is in progress, a
Stop button appears in the bar so you can terminate the operation if you want.
Using the Table
You can drill down for more details and take other actions directly from the Groups table.
• Click on the headings in the table to sort the data in ascending or descending order.
• Click on the blue text in the table. These are active links and can show additional details about those
items.
• Add a filter directly from the table by clicking on the Filter icon that appears in the row that you
highlight.
• Click on the Drill Down icon (the magnifying glass in the table) to see direct links to other types of
reports.
Graphs
The Graphs option under each type of traffic provides a graphical representation of the traffic. You can sort,
filter, view, and take action on this data in a number of different ways. The following is the default graph when
you first select this option. The layout style is a Lens chart.
Using the Graphs Tabs
On any of the Graphs options, you can use the tabs across the top to narrow the traffic to specific categories.
Applications: Sorts the traffic graph by the applications using the network.
Destinations: Shows the IP addresses for the destinations of the traffic and how they are all linked.
Web Activities: Shows which devices are accessing which web services. When available, you can see details by
clicking on the category.
Threats: Shows which systems are trying to access items that are categorized as threats.
Blocked: Shows the threats that have been blocked and which IP addresses were trying to access them.
Using Graphs Filtering and Sorting Options
Many of the options under the tabs can be used to further filter or sort the data in the graph.
Filter: Click the Filter icon to see the drop-down menu of filtering options:
1 Select the option and type in the definition.
NOTE: The names are case sensitive.
2 Click the Refresh button to apply the new filter.
3 Click Filter again to add another layer of filtering, if desired. The filters are shown in the gray bar above the
table.
4 Click the Save icon in the gray bar to save the filter for later use, or click the Clear all Filters icon to remove
them all.
You may need to refresh the data when filters are cleared.
Search: Click on the Search icon and enter the search string in the field provided. When you press Enter, the
table data is filtered on the search string.
NOTE: The characters in the search string are case sensitive.
Time interval: Slide the orange node left and right to set a pre-defined interval for the graph. The intervals
range from 60 seconds to 90 days.
Custom: Select Custom to set a user-defined report interval. A calendar pops up where you can select a date and
time range or choose a specific day.
Link type: Click on the arrowhead to see and select the different kinds of connections that can be displayed on
the graph. The default is # of Connections, but other options include Amount of Data Transferred, # of Packets
Exchanged, and # of Threats.
NOTE: The definition for the link type is also shown on the drop-down list. For example, when Amount of Data
Transferred is selected, the lines represent data transfers greater than or equal to 10 bytes.
Group by: Click on the Group by drop-down menu to apply more filtering to the graph. Different options are
available for different tabs.
Using the Graph Management Icons
Several icons appear in the upper right corner above the data table. These icons can be used to manage the appearance of the graph, manage the data in the graph, or go to other options.
• Halo icon: Click the Halo icon to enable or disable the halo effect on the nodes in the graph. Different halo levels can be defined by clicking the Configure Graph icon.
• Configure Graph icon: Click the Configure Graph icon to configure settings for the graph. Define the Ping Settings, Halo Settings, and Link Settings for your graph and click OK.
NOTE: The Halo effect is only shown for a few seconds. To see it again, refresh the page.
• Export/Download options icon: Click this icon to generate reports from the displayed graph:
• Generate Flow Report PDF
• Download Capture Threat Assessment
• Export as Image
• Export as PDF
• Refresh icon: Click Refresh to refresh the data in the graph.
• Options icon: Click the Options icon for the following:
• Page Tips
• Go to Schedules (REPORTS | Scheduled Reports > Schedules)
• Go to Archives (REPORTS | Scheduled Reports > Archive)
Using the Graphs Summary
The Graphs option provides summaries at the bottom of the window.
The Flows Summary is active when you open the page or when you refresh the data on the page. It shows you
the progress of the flows being scanned and provides other details like how many items are grouped and how
many flows are being scanned.
NOTE: It may take a long time to process all the flows or sessions. While the operation is in progress, a
stop button appears in the bar to allow you to terminate the operation.
Using the Graphs
Within the main Graphs pane, you have several tools for drill down or other actions:
• Graph tools, on the left
• Circular menu, which can be placed where you want
Graph Tools
Use the graph tools to drill down for more detail or take other actions directly on the graphical data.
• Filter icon: The Filter function within the graph works a little differently from the filter in the header of the graph.
1 Select a node or node type in the graph.
2 Click on the Filter icon and a filter is added.
3 Click on Refresh and the graph is updated based on the new filter.
4 Click the x by the filter to clear it and click Refresh to update the data in the graph.
• Reset icon: The Reset icon centers the graph and resets it to its default size.
• Drag/Select option: When you click on the Drag/Select option, it expands to show your choices. The leftmost icon, Drag mode, is the active option, which is also indicated in orange when expanded. When in Drag mode, you can select a node or connection and reposition it within the graph. You can also drag the entire graph by clicking and holding on some white space within the chart and then dragging the chart where you want it.
When in Select mode, the rightmost icon, you can also select a node or connection and reposition it within the graph. With the Select mode, you can also draw a square around a node or group of nodes to take action on them.
• Chart Layout option: When you click on the Chart Layout option, it expands to show several views for the chart. The options include: Tweak, Structural, Standard, Hierarchical, Radial, or Lens. The Lens chart is the default. The icon highlighted in orange is the current active view.
• Zoom: The zoom function allows you to zoom in or zoom out, as needed. Grab the node and slide it up or down the scale. You can also zoom in and out using the wheel on your mouse.
You can drill down for more details on the nodes and connections in the chart.
• The physical size of the node within the chart can be an indicator of its rank or number of connections.
For example, a larger computer node has several connections while a smaller one only shows one or two.
• The thickness of the connecting lines indicates which connections are busier. A thicker line indicates more
sessions, bytes and packets than the thinner lines.
• You can click on any node or connection and get more details about it from the window that pops up.
• Once a node or connection is selected, you can right-click on your mouse to see additional options. The
following figure shows some of the options:
Circular Menu
The Graphs view has a circular menu that you can use to perform additional filtering on the data being
displayed. If the menu isn’t visible, you may need to expand the window to its fullest and close the DEVICE
MANAGER pane.
The circular menu initially appears as a single icon on the Graphs view. It appears in all the traffic categories (All
Traffic, Web Activities, Blocked and Threats), and defaults to Source IPs as shown below.
When you click on the Source IPs icon, it spins out in a circular fashion to show other menu options. You can
click on the blue X in the center to close the circular menu.
Choose one of the other options and the graph adjusts to show the new view requested. For example, when you
select Interfaces, the graph changes to show the interfaces being used for these connections. The circular menu
and the tabs can be used in conjunction to get different combinations of data displayed in the graph.
Session Logs
The Session logs option under each type of traffic shows the number of connections in bar chart form. It also
provides the detailed log entries in table form. You can filter, search, and take action on this data in a number of
different ways. The following figure is a partial screen image of the data displayed in Session logs.
Using Filtering and Sorting Options for Session Logs
Many of the options at the top of the table are used to further filter or sort the data in the table.
• Filter icon: Click the Filter icon to see the drop-down menu of filtering options:
1 Select the option and type in the definition.
NOTE: The names are case sensitive for this filter function.
2 Click the Refresh button to apply the new filter.
3 Click Filter again to add another layer of filtering, if desired. The filters are shown in a gray bar above the table.
4 Click the Save icon in the gray bar to save the filter for later use, or click the Clear all Filters icon to remove them all.
You may need to refresh the data when filters are cleared.
• Search icon: Click on the Search icon and enter the search string in the field provided. When you press Enter, the table data is filtered on the search string.
NOTE: The characters in the search string are case sensitive.
• Interval slider: Slide the node left and right to set a pre-defined interval for the table. The intervals range from 60 seconds to 90 days.
Select Custom to set a user-defined report interval. A calendar pops up where you can select a date and time range or choose a specific day.
Using the Session Logs Display Options
Several icons appear in the upper right corner above the data table. These icons can be used to manage the appearance of the table, manage the data in the table, or go to other options.
• Rows per page: Set the number of rows shown on each page in the grid. Click the drop-down menu and select the option. The options range from 10 to 8000 (Max).
• Chart and Grid Multi View icon: Click this icon to enable the Chart and Grid Multi View. The view shows the bar chart for connections and the log entries in the table. This icon is highlighted in black when enabled.
• Grid Only View icon: Click this icon to enable the Grid Only View. The view only shows the log entries in the table. This icon is highlighted in black when enabled.
• Export/Download options icon: Click this icon to generate reports from the displayed data:
• Generate Flow Report PDF
• Download Capture Threat Assessment
• Export Grid Data as CSV
• Refresh icon: Click Refresh to refresh the data in the table.
• Show/Hide icon: Click the Show/Hide icon to customize the data displayed in the table. In the drop-down list, select the data you want displayed (check the box); uncheck it if you want to hide it.
• Options icon: Click the Options icon for the following:
• Page Tips
• Go to Schedules (REPORTS | Scheduled Reports > Schedules)
• Go to Archives (REPORTS | Scheduled Reports > Archive)
Using the Session Log Summary
The Session logs option provides a summary at the bottom of the window.
Session Logs Summary
The Session logs summary is active when you open the page or when you refresh the data on the page. It shows
you the progress of the flows being scanned and provides other details like how many entries were found and
how many flows are being scanned.
Using the Session Logs
You can drill down for more details and take other actions directly from the Session Logs table.
• Mouse over the bars in the chart to see the number of connections for that time period.
• Click on the blue text in the table. These are active links and can show additional details about those
items. The following is an example from an SSL application.
Click on the Sig ID link for the virus advisory for this object.
• Filters can be added directly from the table by clicking on the Filter icon that appears in a specific row
and column that you highlighted. Multiple filters can be selected and appear in the gray header area.
Click Save to save the filter you defined, or click the Clear icon to clear all filters. Click the x by a specific
filter to remove it. Be sure to Refresh whenever you add or delete filters.
• You can expand an item to get more detailed information. Simply click on the arrowhead next to the line item
number. Click on it again to hide the data.
4 SonicWall Support
Technical support is available to customers who have purchased SonicWall products with a valid maintenance
contract and to customers who have trial versions.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a
day, 365 days a year. To access the Support Portal, go to https://www.sonicwall.com/support.
The Support Portal enables you to:
• View knowledge base articles and technical documentation
• View video tutorials
• Access MySonicWall
• Learn about SonicWall professional services
• Review SonicWall Support services and warranty information
• Register for training and certification
• Request technical support or customer service
To contact SonicWall Support, visit https://www.sonicwall.com/support/contact-support.
About This Document
Legend
WARNING: A WARNING icon indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting information.
SonicWall® Firewall Management ANALYTICS Administration Guide
Updated - November 2019
232-005149-00 Rev A
Copyright © 2019 SonicWall Inc. All rights reserved.
SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other
trademarks and registered trademarks are property of their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or
implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of SonicWall
products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY
WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR
A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT,
INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF
PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SonicWall and/or its affiliates make no
representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to
make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any
commitment to update the information contained in this document.
For more information, visit https://www.sonicwall.com/legal.
End User Product Agreement
To view the SonicWall End User Product Agreement, go to: https://www.sonicwall.com/en-us/legal/license-agreements.
Open Source Code
SonicWall is able to provide a machine-readable copy of open source code with restrictive licenses such as GPL, LGPL, AGPL when applicable
per license requirements. To obtain a complete machine-readable copy, send your written requests, along with certified check or money
order in the amount of USD 25.00 payable to “SonicWall Inc.”, to:
General Public License Source Code Request
SonicWall Inc. Attn: Jennifer Anderson
1033 McCarthy Blvd
Milpitas, CA 95035