Connections Report
The Network Connection (Network Flow Chart) report displays data about established network connections collected from the devices under management. Each connection has the following main characteristics:
- local side of the connection (network address and port on the local device)
- foreign side of the connection (address and port on the remote device)
- protocol (such as IPv6 or IPv4)
- process on the local device serving the connection (such as sshd or database server)
- the owner of the process.
The Connections Report is populated, and the Chart Types become visible, only after at least one connections task has completed and connection data has been discovered from the asset(s). This connection data can be discovered by executing one of the following scripts, configured as a task on the asset's or asset type's task list.
- Windows Object Connections - used for Windows based endpoints to collect connection data at the time of script execution.
- Linux Connections - used for SSH based endpoints to collect connection data at the time of script execution.
- Windows Log Connections - used for Windows based endpoints to collect connection data from the native Windows Firewall logging enabled on each endpoint. Please review the Native O/S Firewall Logs article for more information about this option.
- Linux Log Connections - used for SSH based endpoints to collect connection data from the native Linux Firewall logging enabled on each endpoint. Please review the Native O/S Firewall Logs article for more information about this option.
Report controls
The Filter control enables users to refine report rows based on specified search criteria.
The Pagination control enables users to navigate between report pages, adjust page size, and view the total number of rows alongside the current rows displayed on the page.
The Sort control is indicated by up or down arrows that appear next to sortable report column names when hovering over them. Clicking the sort control refreshes the report, applying either ascending or descending sorting based on the current selection visible on the active sort column.
The Column filter control, represented by a funnel icon next to report columns that support filtering, is located to the left of the column title. It presents filtering options specific to each selected column. The current filter selection for a column is displayed in the Conditions box at the top right corner of the report. The funnel icon corresponding to the active filter column is highlighted in the report header. Use the "Clear Filters" button to reset all filter controls to their default values.
The Export control allows users to download report data in their chosen format (CSV or PDF). If specific report rows are selected using checkboxes on the left side of each row, the exported file will only include these selected rows. Otherwise, it will include all rows that meet the current filter and search criteria.
The Details control allows expanding each row to display all fields, including those not initially selected for the tabulated report columns.
The Include in List / Exclude from List control allows users to add or remove a field from the list of columns displayed in the tabulated report. This control is represented by an indicator (a green check mark for included columns or a red cross for excluded ones) located to the right of the field name within the expanded details panel of the report. Clicking on the indicator updates the visibility of the column in the list accordingly.
Visualization Options
The collected Connections data can also be visualized using the built-in Chart Type and Chart Data selectors.
To view the collected data in a graphical form, use the Select Chart Type control and select between:
- None: selecting this option will disable the graphical view and only the collected data will be shown in the table.
- IP: selecting this option will display the traffic relationships between hosts, including Inbound and Outbound connections, regardless of Port.
- Port: selecting this option will display the traffic relationships between hosts, including Inbound and Outbound connections, over specific Ports.
To include assets, with or without connection data, use the Select Chart Data control and select between:
- Connections Chart: selecting this option will only display nodes in this container scope that have captured connection data (in-bound or out-bound traffic).
- Assets Chart: selecting this option will display all nodes in this container scope regardless of captured connection data (in-bound or out-bound traffic). Even though a node may not have connection traffic, this chart data type is useful when previewing or building policies as it may include these nodes as Selector or Source assets.
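The grouping behind these selectors can be reproduced offline when reviewing exported connection data. The following is an added example, not the product's own code: the record field names, the `direction` field, the `rec`, `flow`, `edges` and `nodes` helpers, and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample records. Field names and the "direction" field are
# assumptions for illustration, not the product's export schema.
def rec(local, foreign, process, owner, direction, protocol="IPv4"):
    return {"local": local, "foreign": foreign, "protocol": protocol,
            "process": process, "owner": owner, "direction": direction}

CONNECTIONS = [
    rec(("10.0.0.5", 22), ("10.0.0.9", 51514), "sshd", "root", "inbound"),
    rec(("10.0.0.5", 22), ("10.0.0.9", 51720), "sshd", "root", "inbound"),
    rec(("10.0.0.5", 40112), ("10.0.0.7", 5432), "app", "svc", "outbound"),
    rec(("10.0.0.9", 49152), ("10.0.0.7", 5432), "psql", "dba", "outbound"),
    rec(("10.0.0.9", 49200), ("10.0.0.7", 443), "curl", "dba", "outbound"),
]
# Constructed asset inventory; 10.0.0.11 has no captured traffic.
ASSETS = {"10.0.0.5", "10.0.0.7", "10.0.0.9", "10.0.0.11"}

def flow(conn):
    """Return (source_ip, dest_ip, service_port) for one record.
    The service port is taken from the side that accepted the connection."""
    (lip, lport), (fip, fport) = conn["local"], conn["foreign"]
    if conn["direction"] == "inbound":
        return fip, lip, lport
    return lip, fip, fport

def edges(conns, chart_type):
    """Aggregate records into chart edges mapped to a connection count.
    "IP" ignores the port; "Port" keeps one edge per service port."""
    if chart_type not in ("IP", "Port"):
        raise ValueError("chart_type must be 'IP' or 'Port'")
    counts = Counter()
    for conn in conns:
        src, dst, port = flow(conn)
        counts[(src, dst) if chart_type == "IP" else (src, dst, port)] += 1
    return dict(counts)

def nodes(conns, chart_data, assets):
    """Connections Chart: only hosts with traffic. Assets Chart: all assets."""
    seen = {ip for conn in conns for ip in flow(conn)[:2]}
    return seen if chart_data == "Connections Chart" else seen | set(assets)

if __name__ == "__main__":
    for chart_type in ("IP", "Port"):
        print(chart_type, edges(CONNECTIONS, chart_type))
    print(sorted(nodes(CONNECTIONS, "Assets Chart", ASSETS)))
```

With the sample data, the IP view collapses the two flows from 10.0.0.9 to 10.0.0.7 into one edge, while the Port view keeps 5432 and 443 apart, which is the level of detail a port-scoped policy needs.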
Tips
- To drill down to a sub-container's Connections Report, use the drop-down menu to the right of the Asset Connections breadcrumb.
- To zoom in or out, place your mouse over the chart and use your scroll wheel. Click the Lock button or press Ctrl + Z to lock the pan and zoom to its current position.
- To reposition the chart, click and hold your mouse pointer on the chart and use your mouse to reposition it. Release your mouse to place the chart in its new position. Click the Reload button to return the chart to its initial size and position.
- To reposition the asset dialog popup, click and hold your mouse pointer on the dialog box and use your mouse to reposition it. Release your mouse to place the dialog in its new position.
- To expand the margins, open the Settings panel (gear icon on the bottom right of the screen) and switch the Container Option from Boxed to Full.
- To create an external image file (.svg) of the Connections Report, click the Export to SVG button or use the Ctrl + E keyboard shortcut.