Network

OT Security monitors all activity in your network and shows this information in the Network page.

OT Security shows the network data in three separate windows.

  • Network Summary — Shows an overview of the network activity.

  • Packet Captures — Shows a listing of the PCAP files captured by the system.

  • Conversations — Shows a list of all conversations detected in the network, with details about the time they occurred, involved assets, and so on.

Network Summary

The Network Summary screen shows visual graphs that summarize the network activity. You can set the timeframe for which the page shows the data. You can also interact with the widgets to show additional details.

The screen includes four widgets:

  • Traffic and Conversations over Time — A graph showing the volume of traffic in GB/MB and the number of conversations over the network.

  • Top 5 sources — A bar chart showing the five source assets that initiated the most network activity. For each source, the bars represent the volume of traffic. When you hover the cursor over the graph, the tooltip shows the number of conversations.

  • Top 5 destinations — A bar chart showing the five destination assets that received the most network activity. For each destination, the bars represent the volume of incoming traffic. When you hover the cursor over the graph, the tooltip shows the number of conversations.

  • Protocols — A bar chart showing the communication protocols used in the network, ordered by frequency. For each protocol, the graph displays its rate of use (as a percentage of the total traffic) and the volume of traffic.

Set the Timeframe

The Network screen displays all data that represent activity in the network during a specified timeframe. The header bar shows the range of time for the current data display. The default timeframe is Last 15 Minutes. The header bar shows the Start and End times of the selected timeframe.

To set the timeframe:

  1. In the header bar, click the timeframe selection. The default is Last 15 Minutes.

    The drop-down box lists the timeframe options.

  2. Select a time range using one of the following methods:

    • Select a preset time range by clicking the desired range. Options are: Last 15 Minutes, Last 1 Hour, Last 4 Hours, Last 12 Hours, Last Day, Last 7 Days, or Last 30 Days.

    • Set a custom time range:

      1. Click Custom.

        The Custom Range window appears.

      2. Provide the Start Date, Start Time, End Date, and End Time in the appropriate boxes.

      3. Click Apply.

        Once you set the timeframe, the header bar shows the start and end date/time next to the timeframe selection. OT Security refreshes the screen to present only data within the chosen timeframe.

Traffic and Conversations over Time

A line graph displays the volume of traffic (measured in KB/MB/GB) and the number of conversations that took place in the network over time. The legend key appears at the top of the graph.

To display data for a specific time segment:

  1. Hover over a point on the graph to display a pop-out window with specific data about the traffic and conversations that took place during that time segment.

    Note: The length of the time segment is adjusted according to the time scale displayed in the graph. For example, a 15-minute timeframe shows the data for each minute separately, while a 30-day timeframe shows the data in 6-hour segments.

Top 5 Sources

The Top 5 Sources widget shows the number of conversations and the amount of traffic for each of the top 5 assets that sent communications through the network during the specified timeframe.

The source assets are identified by their IP addresses. Hovering over a bar graph shows the number of conversations and volume of traffic coming from that asset.

Top 5 Destinations

The Top 5 Destinations widget shows the number of conversations and amount of traffic for each of the top 5 assets that received communications through the network during the specified timeframe.

The destination assets are identified by their IP addresses. Hovering over a bar graph shows the number of conversations and volume of traffic that asset received.

Protocols

The Protocols widget shows data about the usage of various protocols for communication within the network during the specified timeframe.

The protocols rank from most used (top) to least used (bottom). Each protocol shows the following information:

  • A bar graph showing the rate of usage, with a full bar indicating the top usage and partial bars indicating the extent of usage relative to the most used protocol.

  • Percentage of usage.

  • Total volume of communication.