The Analytics section provides the tools to evaluate data collected by the firewall ecosystem, make policy decisions and take defensive actions using application- and user-based analytics.
You need an NSM Advanced license to view and manage Analytics.
Analytics gives users the ability to investigate traffic going through the firewall in depth. Information collected from the firewall is visualized in the form of groups, graphs and tables for simple and effortless investigation. Analytics can be performed on all firewall logs or on logs related to a specific report.
Analytics gives detailed insight into user information such as network events, user activities, threats, operational and performance issues, security efficacy, risks and security gaps, compliance readiness, and auditing. You can perform flexible drill-down and gain insight into your network, user access, connectivity, application use, threat profiles, and other firewall-related data.
Navigating to the Analytics Page
Go to Firewalls > Inventory to view a list of all the firewall devices.
Click on the Name of the firewall device for which you want to view the analytics data. You will be directed to the Firewall View for the selected device.
Click on the Analytics tab on the Monitor view to view the Analytics page.
The Analytics page displays the session log data in 3 views: List, Graph and Log. When you click on the Analytics tab, you are directed to the List view by default. This view groups all data on your selected firewall network into different groups such as Applications, Source and Destination IP Addresses, Users, Web Activities, Threats, Devices, BWM, Blocked and VPN. You can click on each application to see additional information regarding the application.
This view can be customized by modifying the limit (the number of rows displayed in each group), the default 'group by' and the displayed columns. You can click on sessions to view specific session logs.
You can use the Search button to search for a particular application as well as use the Time Slider to adjust the time duration. You can also use the Custom button to customize the dates. The Traffic Type drop down button allows you to select the report type. You can also export the data using the Export button and refresh the page using the Refresh button.
Apart from the above functions, you can filter on any value within a group. For example, as in the screenshot below, you can filter on the SSL application by clicking on the funnel icon that appears when you hover the mouse over the empty space after the application name. Once you filter on a specific application name and reload the view, the data present in all other groups is filtered for the selected values. So, if you filter applications by SSL and reload the page, the Sources group will display only the sources of SSL application traffic. This applies to all other groups as well, i.e. destinations, users, etc.
The Graph view allows you to see the relationship between any two metrics available on the X and Y axes, in a graphical format. You can change an individual metric by clicking on the different options on the X and Y axes. For example, if you want to see which source IPs are generating traffic for a specific application, you can choose Sources on the Y axis and Application on the X axis.
The Zoom Slider on the right allows you to zoom in and out of the graph. The Report Type drop down button allows you to select the report type. You can also export the data using the Export button and refresh the page using the Refresh button.
Above the graph, you can change the Group By information using the drop down button. You can also change the visual elements of the graph by using the Graph Setting Button.
The Log view allows you to see the list of individual connections going through your firewall. You can expand each connection to see more details regarding the connection such as Flow Details, IP/Port Information, Statistics, Application/Threats and Additional Details.
You can use the Search button to search for particular information as well as use the Time Slider to adjust the time duration. You can also use the Custom button to customize the dates. The Traffic Type drop down button allows you to select the report type. You can also export the data using the Export button and refresh the page using the Refresh button.
The Limit drop down is used to set the limit of the number of connections. You can also edit the columns of the table by using the Grid Settings Button.
The Log view allows you to create Custom Filters as well.
Custom Filters allow you to create customized filters as per your requirements. These custom filters can be used to manage other reports such as Custom Reports. Custom filters can be created from the Session Logs page on the Monitor View.
Creating Custom Filters
Click on the Analytics tab on the Monitor View to see the Session Log information.
Click on the Filter symbol next to the columns to filter the information in the table. For example, if you want to view the social networking category information, click on the filter symbol next to Social-Networking in the Category column. Click on Reload at the top of the table to filter the table as per the Social-Networking data.
All the existing filters appear as a drop down when you click on the Filter symbol at the top of the table. You can also search for existing filters by clicking on the Search symbol.
You can add multiple filters to the table.
To save the filter, click on the three dots at the top-right of the table and click on Save Filter. The Save Custom Filter As dialog box appears.
Add the Filter Name and click on Save to save the filter. You can also click on Save and Create Report Rule to automatically navigate to the Custom Reports page.
Editing and Deleting Custom Filters
You can add or remove individual filters inside a Custom Filter by editing the filter settings.
To add a new filter, open the custom filter using the filter option at the top of the table. Then, click on the filter symbol next to the columns to add the filters. Click on the 3 dots at the extreme right and select Save Filter. You can remove an existing filter by directly clicking on the Save Filter button and removing the filter.
Similarly, you can delete an existing custom filter by clicking on the 3 dots at the extreme right and selecting Delete Filter. Once you delete a Custom Filter from the session log page, it is also deleted from the Custom Rules page, which is used to create Custom Reports.