Security Sightings report

The Security Sightings report contains the following:

  • Connections summary - total number of connections, number of unauthorized connections, number of blocked connections, number of connections to or from entities on the public Internet with a high threat reputation, number of connections from the Internet, number of connections to the Internet, and the number of connections between the environments in your network.

  • Inbound unauthorized connections - total number of unauthorized inbound connections, a horizontal Bar chart that lists the top 5 unauthorized inbound connections, list of destination resources to which unauthorized inbound connections were made, the amount of data received, and the number of sources that made these connections.

  • Outbound unauthorized connections - total number of unauthorized outbound connections, a horizontal Bar chart that lists the top 5 unauthorized outbound connections, list of source resources that made unauthorized outbound connections and the amount of data sent, and the number of destinations to which the source resources made these connections.

  • Inbound blocked connections - total number of blocked inbound connections, a horizontal Bar chart that lists the top 5 blocked inbound connections, list of destination resources to which inbound connections were blocked, and the number of source resources that tried to connect.

  • Outbound blocked connections - total number of blocked outbound connections, a horizontal Bar chart that lists the top 5 blocked outbound connections, list of source resources whose outbound connections were blocked, and the number of destinations to which the source resources tried to connect.

  • Unsafe inbound connections from the Internet - total number of unsafe inbound connections, a Pie chart that lists the percentage of unsafe inbound connections by the type of threat the entity on the Internet poses, list of destination resources to which the high threat reputation entity connected, amount of data received, severity and type of threat, the domain name or IP address and geographical location of the entity.

  • Unsafe outbound connections to the Internet - total number of unsafe outbound connections, a Pie chart that lists the percentage of unsafe outbound connections by the type of threat the entity on the Internet poses, list of source resources which connected with the high threat reputation entity, amount of data sent, severity and type of threat, the domain name or IP address and geographical location of the entity.

  • Connections from the Internet - total number of connections, a Pie chart that lists the percentage of connections by the protocols the connections used, list of services and protocols that made inbound connections from the Internet, the amount of data received, and the number of resources that made these connections.

  • Connections to the Internet - total number of connections, a Pie chart that lists the percentage of connections by the protocols the connections used, list of services and protocols that made outbound connections to the Internet, the amount of data sent, and the number of resources that made these connections.

  • Connections between environments - total number of environments that exchanged traffic, the total number of connections and data they transferred, a Chord chart, and the amount of traffic and number of connections for every combination of environments that exchanged traffic.


Generate and download the Security Sighting report

All instances of reports that you generate are available for download as PDFs unless you delete them.

  1. Go to Reports.

  2. Click Create Report.

  3. Select Security Sighting Report.

  4. Select a date range.

  5. In the Report name text box, enter a name for the report.

  6. In the Email recipients text box, enter up to two email addresses, separated by a semicolon.

  7. Add a useful description.

  8. Click Save.

  9. When the report is generated, you will see a new tile at the top of the page.

    Click Download PDF to download the report.


Limitations

As the volume of records ingested in the system increases, report generation becomes CPU intensive, eventually leading to long delays in report generation or to timeouts.

The table below lists the report generation status and the time taken against the number of records in the system:

Number of records    Report generation    Time taken
500M                 Successful           4 min
700M                 Successful           6.5 min
1B                   Not successful       22 min
2B                   Not successful       1 hour 5 min
5B                   Not successful       2 hours 15 min