The SonicWall AI for Monitoring & Insight (SAMI) helps you understand and manage network activity. SAMI retrieves detailed analysis that provides insight into blocked and allowed IP addresses, web categories, and data transfers, helping you identify threats and trusted sources and optimize bandwidth usage. Analyzing traffic patterns allows for informed decisions on capacity planning and targeted troubleshooting.
Here are a few examples of network activity information that you can retrieve using SAMI from Network Security Manager (NSM) SaaS.
The following table describes a few network-related activity queries that you can use to retrieve information using SAMI.
| Query | Response |
|---|---|
| Top five blocked IP addresses. | The top five blocked IP addresses are listed, identifying potential threats or problematic sources. |
| Top five allowed IP addresses. | The top five most frequently allowed IP addresses are listed, which can help you understand trusted sources or frequent interactions. |
| Top five blocked web categories by connections or sessions. | The top five blocked content categories, based on the number of connections or sessions, are listed. This helps you understand the types of content that are being accessed and blocked. |
| Top five allowed web categories by connections or sessions. | The top five allowed content categories are listed based on the number of connections or sessions. This provides insight into web traffic to ensure organizational security. |
| Top five allowed web categories by total data transferred (bytes). | The top five website categories that consume the most bandwidth are listed. This list is crucial for bandwidth management and understanding data flow within the network. |
| Top five initiators or destination locations by connections or sessions by total data transferred (bytes). | The top five initiators or destinations for the most network connections or sessions are listed, which can help identify traffic patterns based on the volume of data. This can help identify where the majority of data transfer occurs, which is crucial for network capacity planning. |
| Top five initiators or destination locations by connections or sessions. | The top five initiating or destination locations based on connections or sessions are listed. Understanding these patterns can help identify network traffic trends. |
| Requesting data in relative time frames. | The data for specific time frames that meet your analysis needs, such as the last 1 hour, 24 hours, or seven days, is listed. This allows you to monitor network activity and identify trends or anomalies. |
| Requesting data across different scopes. | The data for the entire tenant, a specific group, or a particular firewall is listed, allowing for targeted analysis and troubleshooting. |