Visualizer
Visualizer is a traffic and Threat reputation analysis tool in Xshield. Visualizer is built for a sky-view of the network traffic between the managed (assets) and discovered resources. It proves to be a useful tool for Production networks and networks in the Policy simulation mode to quickly check Zero Trust enforcement status, analyze traffic and its Threat reputation and make quick changes to the Xshield groups.
Visualizer page
Visualizer is available on the Visualizer page in the Xshield UI. The initial data shown in Visualizer is capped to the last 30 minutes. Use apt filters to get a focussed view of data for traffic analysis.
Groups
The landing view in Visualizer is a topology of groups that nest Xshield Groups and other groups of managed and discovered resources. Some of the nested groups are Workload Groups, Endpoint Groups, Private Networks, Domains, and Link-Local. Groups display the number of nested groups or the resources in the nested groups. All groups are seen as distinct bubbles.
| group | Description |
| Workload Groups |
Workload groups in the instance |
| Endpoint Groups |
Endpoint groups in the instance. |
| Domains |
grouped domains (Domain groups) in the instance. Use View filter for a Category-level grouping. |
| Private Networks |
discovered private resources grouped to Private Network groups in Xshield. Use View filter for a subnet-level view. |
| Public Networks |
discovered public resources grouped to Public Network groups in Xshield. Use View filter for a Geo-location view. |
| Cloud Managed |
AWS and Azure assets managed without Xshield agents |
| Private Managed |
managed private resources in Xshield that are not part of an Xshield group |
| Public Managed |
managed public assets in Xshield that are not part of an Xshield group |
| Multicast Discovered |
discovered multicast resources with IP addresses in the range specified by RFC 5771 |
| Link Local |
discovered multicast resources with IP addresses in the range specified by RFC 3927 |
Views
In Visualizer, you can see your network traffic at three different levels - Global, Group-level, and Asset-level.
GlobalFor a new login session to Xshield, this is the landing view.
Group-levelThis is an expanded view of the groups to see the nested groups. This applies to both Xshield groups and other groups of managed and discovered resources.
Asset-levelThis is an expanded view of groups to see the assets in the expanded groups.
|
|
Network traffic
Network traffic and Access path lines are seen for all Visualizer views. Traffic lines are colored by the Policy action or the success of the traffic flow. An instance-level setting for Color accessibility mode can also be used to see lines in colors favorable to users with protanomaly and/or deuteranomaly.
| Normal mode | Description | Accessibility mode |
| Green |
Authorized traffic allowed by Xshield policies |
Magenta |
| Red |
Unauthorized but allowed traffic because policies are not enforced |
Brown |
| Dotted Red |
Blocked attempts that were blocked by policies |
Dotted Brown |
| Dotted Green |
Traffic allowed by the policies but denied due to other reasons |
Dotted Magenta |
| Orange |
A mix of one or more of the Authorized, Unauthorized, and Blocked traffic |
Orange |
| Grey |
Default color when traffic is not seen in the Zero Trust Mode |
Grey |
| Blue |
Allowed access paths (Xshield Access policies, both observed and enforced) in the network |
Blue |
Allowed access paths (Blue) are seen only when the Allowed paths Traffic filter is set. All other lines (traffic by Policy action) are seen when you set the Zero Trust Mode filter.
Details panel
At any point in time during the traffic analysis, click a group or asset to see its details in the fly panel on the right.
|
|
Controls
Tune the Visualizer view to see the groups and assets clearly.
-
Click, hold and move the mouse to move the topology.
-
Use the Zoom slider to zoom in or zoom out of the view.
-
Click and hold a group or asset, and move it to avoid overlaps.