Document toolboxDocument toolbox

Activeboard: Firewall Monitoring

Purpose

Firewall Monitoring Activeboard allows you to analyze and monitor firewall traffic logs from different angles. In this Activeboard you will be able to:

  • Get data insights and filter them.

  • Track the traffic volume and actions.

  • Have access to Traffic Reputation heatmaps.

  • Compare the connections.

  • Get details about the most used Firewall rules.

  • Analyze denied firewall traffic and most rejected source IPs.

Filters for data insights

Time interval: Select input

Protocol: Select input

Destination Zone: Select input

Action: Select input

Application: Select input

Source IP: Text box input

Device name: Select input

Source Zone: Select input

Source Port: Text box input

Data visualization

Filters for data insights: Select input

Destination IP List: Voronoi widget

Top Talkers by Connections: Table widget

Last 100 Firewall Events: Table widget

Firewall Actions (Allow vs. Deny): Voronoi widget

Top Talkers by Data Transfer: Table widget

Traffic Volume by Application (last day): Area chart widget

Top Source IPs (by bytes): Voronoi widget

Most Used Firewall Rules - Occurrence: Column chart widget

Traffic Action Distribution: Donut chart widget

Source IP by Connections: Pie chart widget

Most Used Firewall Rules - Detail: Table widget

Traffic Activity Over Time by Action: Area chart widget

Source IP by Total KB: Donut chart widget

Most Used Firewall Rules: Voronoi widget

Traffic Activity Over Time by Protocol: Area chart widget

Destination IP by Connections: Pie chart widget

Most rejected Source IPs (>1000): Voronoi widget

Source IP List: Heatmap widget

Destination IP by Total KB: Donut chart widget

Most Rejected Source IPs: Table widget

Bandwith: Heatmap widget

 

 

 

This activeboard supports multitenancy.

Prerequisites

To use this Activeboard, you must have the following data sources available on your domain:

Open Activeboard

Once you have installed the Activeboard, you can use the Open button at the top right of the card in Exchange to access it and see the different widgets populated with the relevant data. You can also access the Activeboard area via the Navigation pane.

Data loading takes too long?

Sometimes some widgets take time to upload the data, it is possible to speed up the process by creating aggregation tasks. Refer to the Aggregation tasks article to learn how to do it.

Use Activeboard

After installing and opening the Activeboard, you can use its widgets to visualize and monitor data. To do this, each widget offers a variety of customization and visualization options. Refer to Using widgets and Using inputs to know them all.