Network

OT Security monitors all activity in your network and shows the data on the following pages:

  • Network Summary— Shows an overview of the network activity.

  • Packet Captures — Shows a listing of the PCAP files captured by the system. See Packet Captures.

  • Conversations — Shows a list of all conversations detected in the network, with details about the time they occurred, involved assets, and so on. See Conversations

To access the Network page:

  1. In the left navigation pane, select Network.

    The Network Summary page appears.

Network Summary

The Network Summary page shows visual graphs that summarize the network activity. You can view the data for a specific timeframe.

Interact with the following widgets to view additional details.

A line graph displays the volume of traffic (measured in KB/MB/GB) and the number of conversations in the network over time. The legend key appears at the top of the graph. Hover over a point on the graph to display specific data about the traffic and conversations during that time segment.

Note: The length of the time segment is adjusted according to the time scale displayed in the graph. For example, a 15-minute timeframe data shows each minute separately, while a 30-day timeframe shows the data for 6-hour segments.

The Top 5 Sources widget shows the number of conversations and the volume of traffic for each of the top five assets that sent communications through the network during a specific timeframe. You can identify the source assets by their IP addresses. Hover over a bar graph to see the number of conversations and volume of traffic coming from that asset.

The Top 5 Destinations widget shows the number of conversations and amount of traffic for each of the top five assets that received communications through the network during the specific timeframe. You can identify the destination assets by their IP addresses. Hover over a bar graph to see the number of conversations and volume of traffic that the asset received.

The Protocols widget shows data about the usage of various protocols for communication within the network during a specific timeframe.

The protocols rank from the most used (top) to least used (bottom). Each protocol shows the following information:

  • A bar graph with the rate of usage, with a full bar indicating the top usage and partial bars indicating the extent of usage relative to the top used protocol.

  • Percentage of usage.

  • Total volume of communication.

Set the Timeframe

The Network Summary page displays data that represent network activity during a specific timeframe. The header bar shows the range of time for the current data display. The default timeframe is for the Last 15 minutes. The header bar also shows the Start and End time of the timeframe.

To set the timeframe:

In the header bar, click the timeframe drop-down. The default is Last 15 Minutes.

The drop-down box lists the available options.

Select a time range using one of the following methods:

  • Select a preset time range by clicking the required range. Options are: Last 15 Minutes, Last 1 Hour, Last 4 Hours, Last 12 Hours, Last Day, Last 7 Days, or Last 30 Days).

  • Set a custom time range:

  • Click Custom.

    The Custom Range window appears.

  • Provide the Start Date, Start Time, End Date, and End Time.

  • Click Apply.

    After you set the timeframe, the header bar shows the start and end date/time next to the timeframe selection. OT Security refreshes the page to show data within the chosen timeframe.