Our previous blog on advanced security analytics module
would have given you a general idea of what ASAM does? Pre-requisites for ASAM
module and more.
Now this blog will help you understand the new dashboard available for the
security analytics module. This version of security analytics in NetFlow
analyzer has the dashboard with four different reporting options.
The different reporting options are as follows:
1) Security Posture
2) Problem Analysis
3) Offenders & Targets
4) Resource Analysis
Security Posture :-
Displays the top problem classes and their composite sub-problems. It also
lists the number of events and unique resources involved for each problem.
Click on the problem name or the number of resources beside the problem to go
to the problem analysis tab. You can also click on the number of events beside
the problem name to directly shift to the Event list page. From the event list
page you can start troubleshooting the Network.
Problem Analysis :-
Displays the top problem names and the unique resources involved. It also lists
the number of events and the problem caused by a specific resource.
Offenders & Targets :-
Displays the top algorithm types and the unique resources involved. The
algorithms available in this version of NetFlow Analyzer are destination based
aggregation, source based aggregation and router based aggregation.
This Offenders & Targets report also lists the number of events and
distinct problems. Click on the resource name or the number of problems to go
to the resource analysis tab.
Resource Analysis :-
Displays the top resources and the problem. It also lists the number of events
of the problem caused by each resource.
We also have the filter options for all the above mentioned reports in
dashboard. we can apply filters through which we can generate all the four
reports based on specific criteria which depends on what we would like to
identify. A given set of parameters and thresholds are completely configurable
which provides flexibility to choose the depth at which we would like to
analyze our problems.
Click on the “Show Filter” button to view the filters.
You can filter the events based on:
1) Period: For any selected time period from last hour to last month.
The custom time option can be used to generate reports for a specific time
2) Status: Denotes the status of the event on whether it is open,
closed, or ignored. You can also choose “all” to select all the
You can also choose to match all or any of the filter criteria, given below a
screenshot of the filters.
More about aggregation and different Classes will be explained in our next blog
You can download the 30 day trial from here.
NetFlow Analyzer Technical Team
The original article/video can be found at Taking the Advanced Security Analytics to the next level