Filter data in Visulizer

Filter data in Visualizer to see a focused view of groups, assets, and network traffic. For instances that handle large volumes of network traffic, filters (particularly the Time filter) can considerably shorten the response times to display data. In Visualiser, you can filter data by a time window, by groups, by nature of traffic (services, ports, and protocols), and even by assets and their attributes.

Time filter

Time filter is a global filter in Xshield. In Visualizer, you can use this filter to filter data for the last 30 minutes, 1 hour, 24 hours, or 7 days. For operations that need data prior to the last seven days, use Flow Explorer.

Asset filters

Asset filters (in general) provide for a filtered view of the workloads and user assets managed from the instance. Asset filters filter assets by factors such as the assets' attributes and the CVSS vulnerabilities found on them during vulnerability scans.

Asset filters are not built into Visualizer but apply to Visualizer and filter data in Visualizer. In Visualizer, Asset filters provide a filtered view of the traffic flows for the filtered list of assets.

View filters

View filters are built into Visualizer. These filters limit the data in Visualizer to the groups of your preference. Some of the filter options also help you see groups by a different rationale. For example, Public Networks in Geolocations and Network Groups views).

The following types of Groups can be added or removed from the Visualizer view - Endpoint groups, Workload groups, Private Managed, Public Managed, Cloud Managed, Private Networks, Public Networks, Domains, Multicast Discovered, and Link-Local.

  1. In Visualizer, click the Filters icon (above the Zoom slider), and click the View tab.

  2. Do the following in the Filters panel.

    1. Turn ON or turn OFF the toggle switches for Managed resource groups and Discovered resource groups.

    2. (Optional) For Private and Public Networks and Domains, see groups in different views. For example, Categories view and Domain Groups view for Domains.

Traffic filters

Traffic filters are built into Visualizer. Traffic filters filter Internet traffic and traffic between managed and discovered resources by the following factors ( Traffic tab in the Filters panel):

  • Xshield Policy action on the traffic - turn ON the Zero Trust Mode filter to see colored traffic lines. The lines are colored based on the action taken by the policy. Traffic that is currently not bound by policies is also displayed. See the Legends link in Visualizer for the actual colors. 

  • Threat reputation of Internet resources as per Xshield Threat Intelligence service - turn ON the Reputation filter to see Red lines for traffic with malicious Threat reputation. Additionally, select Show Malicious Reputation to see a focused view only malicious Threat reputation traffic (Red lines only).

  • Services, ports, and protocols used for the sessions - add one or more services or protocols to further filter the data in Visualizer.    

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.