Cisco Cisco Firepower Management Center 4000
16-23
FireSIGHT System User Guide
Chapter 16 Working with Connection & Security Intelligence Data
Working with Connection Graphs
The graph is redrawn, centered on the point you clicked, with the time span you selected.
Selecting Data to Graph
License:
Any
You can display different data on a connection graph by changing either the x-axis, the y-axis, or both.
Note that on a pie chart, changing the x-axis changes the independent variable and changing the y-axis
changes the dependent variable. For example, consider a pie chart that graphs kilobytes per port. In this
case, the x-axis is
changes the dependent variable. For example, consider a pie chart that graphs kilobytes per port. In this
case, the x-axis is
Responder Port
and the y-axis is
KBytes
. This pie chart represents the total kilobytes of
data transmitted over a monitored network during a certain interval. The wedges of the pie represent the
percent of the data that was detected on each port. If you change the x-axis of the chart to
percent of the data that was detected on each port. If you change the x-axis of the chart to
Application
Protocol
, the pie chart still represents the total kilobytes of data transmitted, but the wedges of the pie
represent the percentage of the data transmitted for each detected application protocol.
However, if you change the y-axis of the first pie chart to
Packets
, the pie chart represents the total
number of packets transmitted over the monitored network during a certain interval, and the wedges of
the pie represent the percentage of the total number of packets that was detected on each port.
the pie represent the percentage of the total number of packets that was detected on each port.
Follow the directions in the following table to change the x-axis of a connection graph.
Follow the directions in the following table to change the y-axis of a connection graph.
Table 16-6
X-Axis Functions
To graph connection data...
You can...
by the 10 most active application protocols on the monitored network
based on the number of detected connection events
based on the number of detected connection events
click
X-Axis
and select
Application Protocol
.
by the 10 most active managed devices on the monitored network
based on the number of detected connection events
based on the number of detected connection events
click
X-Axis
and select
Device
.
by the 10 most active host IP addresses on the monitored network
based on the number of connection events where that host IP address
initiated the connection transaction
based on the number of connection events where that host IP address
initiated the connection transaction
click
X-Axis
and select
Initiator IP
.
by the 10 most active users on the monitored network based on the
number of connection events where the host where the user is logged
in initiated the connection transaction
number of connection events where the host where the user is logged
in initiated the connection transaction
click
X-Axis
and select
Initiator
User
.
by the 10 most active host IP addresses on the monitored network
based on the number of connection events where that address was the
responder in the connection transaction
based on the number of connection events where that address was the
responder in the connection transaction
click
X-Axis
and select
Responder
IP
.
by the 10 most active ports on the monitored network based on the
number of detected connection events where the host was the
responder in the connection transaction
number of detected connection events where the host was the
responder in the connection transaction
click
X-Axis
and select
Responder
Port
.
by the 10 most active source devices, which include
NetFlow-enabled devices that exported the connection data for the
connections, plus a source device named FireSIGHT for all
connections detected by Cisco managed devices
NetFlow-enabled devices that exported the connection data for the
connections, plus a source device named FireSIGHT for all
connections detected by Cisco managed devices
click
X-Axis
and select
Source
Device
.
over time
click
X-Axis
and select
Time
.