SAMI Feature Guide

Retrieving Information from NSM SaaS for a Specific Target

Here is an example of how to analyze the activities of a particular entity on the network using SonicWall AI for Monitoring & Insight (SAMI). This entity could be identified by an IP address, a domain name, or a URL. This approach helps to keep the network secure while also allowing for a focused examination of specific areas of interest or concern.

Example Scenario: Investigating Suspicious Activity

If you have noticed unusual traffic on the network and identified a suspicious IP address: xxx.xxx.x.xx, you may want to investigate the activities associated with this IP, assess whether it poses a security threat, and understand its interactions with your network. Here is how you can proceed:

  1. In the SAMI text box, enter the type of analytics you need on the suspicious IP address under investigation.

     You can request four types of analytic information.

    • User Analytics: Who is the user behind this IP? Is it an internal IP assigned to one of your employees, or is it an external user accessing your network?
    • Network Analytics: What kind of network traffic is associated with this IP? Is there a high volume of data being transferred, or are there any unusual access patterns?
    • Threat Analytics: Is there any threat associated with this IP address? Are there any known vulnerabilities or ongoing attacks originating from it?
    • Application Analytics: What applications is this IP accessing? Are these critical to your business or potentially malicious?

      SAMI interprets the request and displays the identified data, which includes user-, network-, threat-, or application-related information.

  2. In the SAMI text box, enter the specific entity you need information for.

     You can request these types of specific entity.

    • Whole Tenant: To understand the activity of this IP address across the entire network.
    • Specific Group: To understand the activity of this IP address within a particular department or segment of the network that this IP has interacted with.
    • Specified Firewall: To understand the activity of this IP address in the traffic that has passed through a specific firewall, in order to potentially isolate and understand attack vectors.

      SAMI interprets the request and displays the identified data for the specified entity.

By conducting this targeted investigation, you are able to:

  • Quickly identify and assess potential threats.
  • Understand the nature of the suspicious activity.
  • Make informed decisions about responding, such as blocking the IP, tightening security measures, or further monitoring the situation.