Document toolboxDocument toolbox

Proxy tab

Owned by Juan Tomás Alonso Nieto (Deactivated)
Jul 06, 2022
4 min read

It is also important for a company to check the users' navigation behaviour. Proxy servers have a very important role in a network, acting as an intermediary for requests from clients seeking resources from other servers. The widgets in this tab draw information from the proxy.all.access table.

Using the time travel option at the top, it is possible to apply a time filter to the widgets in the tab in order to inspect activity at an earlier date. You can select a single day by clicking a day in the heat calendar widget. For instance a day with an especially high amount of traffic. Then select Apply interval and all widgets will be updated immediately.

Alternatively, you can select either a single day or a time period using the time travel filter controls. There are buttons for selecting recent periods or calendar controls to select specific dates.

Proxy traffic evolution

You can check the proxy traffic history through a heat calendar that shows the daily amount of proxy traffic over the last 12 months. The line chart next to it shows proxy traffic over the last 24 hours.

User behavior

Select the Expand section option to see the following widgets:

Users by accessed hosts

The Voronoi diagram is a breakdown of users grouped by hosts over the period specified. 

Most accessed remote hosts

This table below shows a count of users with the hosts they accessed, along with the corresponding source IP address. Enter a user or host in the search box at the top of the table to filter the contents of the list.

You can also use this table to filter the contents of the Users by accessed hosts Voronoi diagram, the Most active users pie chart and the Distribution of users, hosts and IPs graph in this section. Select a user or host name and those widgets will be filtered out using the selected value. To remove the filter, select the x icon in the blue bar that appears in the filtered widgets.

Users by number of connections

Check the proportion of users over the period specified.

Users, hosts and IPs

This graph is a representation of the different relationships between users, IP addresses and accessed hosts.

Most rejected users and categories

These tables display a count of the most denied IP addresses, with their corresponding users and categories.

Top active users

Check the count of IP addresses and users with the highest number of connections over the selected period.

Users by OS, family and device

This Voronoi diagram shows users grouped by their corresponding operating systems, families and devices.

Navigation behavior

Select the Expand section option to see the following widgets:

Distribution of accesses

This diagram groups the different accesses by top-level domain, sub-domain and host.

URLs with the highest entropy

This table lists the URLs with the highest Shannon entropy over the selected period. 

You can also use this table to filter the contents of the Traffic by domains graph in this section. Select a user or host name and the widget will be filtered out using the selected value. To remove the filter, select the x icon in the blue bar that appears in the filtered widgets.



Accessed top-level and sub-domains

This pie chart shows the breakdown of most accessed first-level domains over the selected period. See the relationships between accessed top-level domains and sub-domains over the selected period.

Most denied categories

These pie charts show the most denied categories and web categories over the selected period.

Top machines with TCP errors

This table shows a count of the machines with the highest number of errors, including the corresponding types and categories.

Accesses by request status, category and status code

This Voronoi diagram is a breakdown of accesses grouped by request status, category and status code.

Result codes

This bar chart shows the frequency of cache result codes over the selected period.