This tab is designed to facilitate the detection of suspicious internal and external network traffic. This is especially useful for large networks, where it is often difficult to detect punctual abnormal activities.
Outbound network traffic
This graph chart displays outbound firewall traffic routed through suspicious ports and including the destination countries.
When checking network traffic, you can filter by activity clicking a specific port or group of ports. There is a port list preloaded as a lookup, including the ports usually used to penetrate a remote network, for example DNS, Telnet, SMTP, RDP, SSH or VNC.
You can also customize the graph in many different ways. See Graph diagram to learn more about this type of chart.
The filters at the top of this widget allow you to filter by specific groups of ports, and select the way IP addresses are grouped in the private network and public networks.
|Filter by ports|
Select a list of suspicious ports to filter the traffic by. Choose from Default ports (list of suspicious ports selected by the Devo Security team), Top Risk ports, Login and Authentication ports, Active Directory ports, Database Ports and Custom ports (select this option to enter a specific set of ports in the Ports field that appears).
|Show Private Network By||Choose the way you want to group IP addresses in the private network. The available options are Subnet and IP.|
|Show Public Network By||Choose the way you want to group IP addresses in the public network. The available options are ASN, Subnet and IP.|
Click Apply to filter the data according to the selected settings, and Reset to go back to the default options.
Outbound proxy discover traffic
This graph is a breakdown of proxy servers accessing low reputations sites, and users accessing those proxy servers. This graph has two main objectives:
- Detect internal IP addresses using only proxy servers.
- Check the list of proxy servers performing requests to low reputation sites, and detect the users that are sending those requests.
This graph is the result of joining three different queries. You can see the queries by selecting this iconat the top right corner of the widget.