Connections Report Actions

By utilizing the visual components of a Container or Asset's Connections Report, especially the IP and Ports charts, users can significantly improve their ability to create and develop new objects based on the network flow chart. For example, tasks like adding new services, creating and tagging assets, or setting up segmentation policies are simplified when users can visualize the traffic and port connections between hosts. This method builds a strong foundation for further development.

Note

Connection chart types are only available when accessing the Connections Report directly from either a Container or an Asset.

Role Requirements

Viewing and performing actions with the Connections Reports requires the user to have specific roles assigned, as outlined below.

  • To view and perform actions, a user must have both the Space Role: Asset Manager and Space Role: Segmentation Manager roles assigned to their account. We recommend assigning this Space Role permission set to the accounts that will be accessing and using the Connections Report to build and manage segmentation policies.
  • To have view-only access to the Connections Report, the user may have Space Role: Auditor assigned to their account.
  • To view and perform actions in the Connections Report, as well as in all other areas of the platform, the user may have Space Role: Administrator assigned to their account. We suggest assigning the Administrator role only to trusted accounts that require full management of the platform, rather than to those that only need to view and interact with the Connections Report.

Accessing Assets

Each node of the chart represents an individual asset, a specific port on an individual asset, or a host where traffic flow occurs but that does not have an associated asset in 12Port, within this container scope. From each of these chart Nodes, you may:

  • Hover your mouse over the Node name to reveal more information including Name, IP, Port number, Inbound/Outbound connection count and more.
  • Click on the Node name to open the (read-only) Asset View representing this node. You may also access more options from this Asset View including adding new services, adding tags, building policies or accessing the asset for editing.
    • Click on the Go To Asset button to navigate away from this chart and to the Asset page.
    • Click on the Add Service button (Port chart type only) to create a new service based on this node's inbound port.
    • Click on the Add to Collection button to create a temporary grouping of assets that can be used for bulk actions like tagging.
    • Click on the Add > <Asset Type> option to create an asset using the selected Asset Type from this non-asset node.

To display asset nodes within the container scope that lack captured connection data, use the Select Chart Data selector and choose the Assets Chart option. These assets will appear as nodes, but will not show any inbound or outbound traffic flow until their connection data is collected.

Note

This view is helpful when previewing or building policies, as it will generate a more complete understanding of Selector and Source assets using their tags, even though the assets may currently lack captured connection data.

In the example above, the DevOps node is included because the Chart Data is set to Assets Chart, and this asset currently lacks collected Connection Data. If the Chart Data were set to Connections Chart instead, this node would not be visible.

Now that this DevOps asset node is visible, it can be used for tagging, versioning, previewing and building new policies, and more.

Tips

  • To drill down to a sub-container's Connections Report, use the drop-down menu to the right of the Asset Connections breadcrumb.
  • To zoom in or out, place your mouse over the chart and use your scroll wheel. Click the Lock button or press Ctrl + Z to lock the pan and zoom to its current position.
  • To reposition the chart, click and hold your mouse pointer on the chart and use your mouse to reposition it. Release your mouse to place the chart in its new position. Click the Reload button to return the chart to its initial size and position.
  • To reposition the asset dialog popup, click and hold your mouse pointer on the dialog box and use your mouse to reposition it. Release your mouse to place the dialog in its new position.
  • To expand the margins, open the Settings panel (gear icon on the bottom right of the screen) and switch the Container Option from Boxed to Full.
  • To create an external image file (.svg) of the Connections Report, click the Export to SVG button or use the Ctrl + E keyboard shortcut.

Locating Assets

When Connections Reports become large or busy, it may be difficult to locate specific nodes. The built-in Search query helps you find asset nodes in the connections charts quickly and easily.

Using the Search bar located above the chart, you may perform the following search queries.

Connections Report Chart Search Bar

Query searches take a text string and locate the asset nodes in the chart that contain it. All nodes with this string in their Name, Description, Host, User, Tags or any other non-secure custom field will be highlighted in the chart.

To locate an asset node(s) by its Name, Description or any non-secure value, from the search bar above the chart, select the Query type and enter your search criteria in the next field. Press the Enter button or click the Search button to begin the search.

Asset nodes in the chart that match the search query will have a red dot appear along the chart's ring.

Connections Report Search Query Type

Policy searches are used to select an existing Segmentation Policy, by name, and have its elements represented in the Connections Report. The nodes marked with a red dot are those found in the policy as Selector assets. When one of them is hovered over, the nodes that appear with green dots are those found in the policy as Source asset(s) for this Selector asset.

For more information about this Policy search type, continue reading the Policy Queries section on this page.

Connections Report Search Policy Type

Service searches are used to locate asset nodes where collected traffic connectivity occurred over a specific Port. Enter the Port name (i.e. RDP), Port number (i.e. 3389) or use the Service selector to choose a Service to identify on the current chart.

Asset nodes where this Service (i.e. RDP (3389/tcp)) appeared in traffic collection, are highlighted on the chart with a red dot.

Connections Report Search Service Type

Analytical Model searches are used to load any analytical model that has been built. When the Analytical Model is loaded, the assets highlighted with red dots are those that are grouped in each cluster based on the model's algorithm and its defined configuration.

To view a model, from the search bar above the chart, select the Analytical Model to load, select the model Name, and select the cluster Name.

Connections Report Search Analytical Model

Taxonomy searches are used to pick a term from the chosen Taxonomy that is used for search. Use the Taxonomy Picker to select or begin typing the Taxonomy Term and use the Type Ahead picker to select the term for search. All assets currently tagged with the selected term in its Tags field will be highlighted in the chart.

To locate an asset node(s) by its applied Tag, from the search bar above the chart, select the Taxonomy to search and enter your Tag in the next field. Press the Enter button or click the Search button to begin the search.

Asset nodes in the chart that have this Tag applied, will have a red dot appear along the chart's ring.

Connections Report Search Taxonomy Type

Search Types

The Search Type selector allows the search results to be presented in the chart by including all nodes or only relevant nodes.

The following options are available when using the Search Type selector:

  • Search: when the Search option is selected, the nodes of the search results will be highlighted on the chart and all remaining assets will also be displayed.
  • Filter: when the Filter option is selected, the nodes of the search results will be highlighted on the chart and only the remaining nodes that have network connections with these searched nodes will be shown, whereas the rest will be filtered out. This generates a view of the searched nodes and only those that have connectivity.

Multi-Condition Searches

To further refine Search queries, click the + (plus) button to add an additional query condition to the search. The defined search conditions are combined by the AND predicate, meaning search condition A AND search condition B are used to locate assets in the chart. Conversely, click the - (minus) button on an additional parameter to remove it from the search.

Connections Report Search Query with Multiple Conditions

Note

Policy queries cannot be included in multi-condition searches. When a Policy is selected as the first condition, the option to add additional conditions is unavailable and if another Search query type is selected first, then the Policy query type will be unavailable as a secondary condition.

Adding New Assets

If a node in the chart, IP or Port, is represented by either its IP address or its Hostname (10.20.0.22 or ec2-17-127-186-103.us-east-1.compute.amazonaws.com) as opposed to an Asset Name, then it indicates there is not an associated asset in 12Port that manages this host. However, a new asset for this node can be created easily, directly from the chart view.

To create a new Asset for this type of node:

  1. Click on this node name and select the Add option.
  2. From its dropdown, choose the Asset Type that will be used when creating this new asset.
  3. Populate the values for this new asset as required and finally, click the Save (created as major version) or Save Draft (created as minor version) button to create the new asset.

Once the save operation is finished, the new asset will represent this node in the chart and the Add option will be replaced by the Go To Asset button.

Note

If a Parent Container is not defined during asset creation, the asset will be created in the container from where the Connections Report was first accessed. If the Connections Report was first accessed from an Asset, rather than a Container, then the Parent Container field must be populated with a valid container.

Adding Non-Asset Hosts to Network Location Assets

The ability to aggregate non-asset hosts into fewer Network Locations through visual representation helps simplify these Connection Reports charts by reducing the number of displayed objects. This feature also streamlines the visualization of microsegmentation policy design by grouping multiple outbound connections into a smaller set of network location assets.

Connection Reports Non-Asset Nodes Highlighted

To add non-asset nodes to network locations assets:

  1. Click on the first non-asset node (10.20.0.22 in the screenshot above) and select the Add to Collection option or Shift + Click on the Node to add it straight to the collection.
  2. If you want to perform this operation in bulk with multiple non-asset nodes, repeat this process on all other non-asset nodes (10.20.0.23 and 10.20.0.24 in the screenshot above) to include in this aggregation using their respective Add to Collection option or Shift + Click on the Node(s) to add them straight to the collection.
  3. When all non-asset nodes are added into the collection, scroll down to the Collection section of this report and choose the Actions > Add to Network Location option.
  4. Choose between the options to Add to Existing Network Location or Create New Network Location.
    • If Add to Existing Network Location is selected, select the existing network location asset by name from the Network Location drop-down menu, then click Next to continue. Confirm the Asset values on this existing Network Location asset, (the IP addresses of the non-asset nodes in this Collection will automatically be added to the Included field of this existing asset) make any necessary changes if required, and click Save or Save Draft to complete this operation.
    • If Create New Network Location is selected, click the Next button to continue and then populate the values of this new Network Location asset (the IP addresses of the non-asset nodes in this Collection will automatically be added to the Included field of this new asset). When finished, click Save or Save Draft to complete this operation.
  5. After the save operation, the chart will update and these selected non-asset nodes will no longer be seen as individual nodes, but rather they will be aggregated into the New or Existing Network Location asset as Included IP addresses, as configured in the previous step.

Connection Reports After Node Aggregation into Existing Network Location Asset

Adding New Services

From the Port chart type, you may visualize the traffic flow using specific ports between assets. If an in-bound connection over a port has not yet been created in 12Port Horizon as a Service, the port number may be represented in the chart within parentheses. As an example, if in-bound traffic to this host is occurring over port 636, the node name may be represented in the following ways:

Connections Report Port Chart with Hover Over

  • <host>:636 - this format indicates that a Service has not been created to identify this port.
  • <host>:(ldaps) - this format indicates that a Service has not been created to identify this port, but 12Port Horizon believes this to be LDAPS traffic over port 636. Creating a Service for this port will overwrite the default 12Port Horizon mapping for non-defined ports. When opening the Asset View, this will be represented as Known As: ldaps.
  • <host>:Secure LDAP - this format indicates that a Service named Secure LDAP exists that identifies the specific port 636. When opening the Asset View, this will be represented as Service: Secure LDAP.

Note

Nodes with outbound traffic will be shown with an asterisk * as the port identifier. This represents that multiple ports on this host may be allowing outbound traffic. <host>:*

For ports that have not yet been defined as Services, you can create them directly from this chart. To use this chart to create a new service:

  1. Click on a node name where the port has not yet been identified, meaning either the port number is shown or a port name identifier appears in parentheses.
  2. This opens a new dialog for this node, including corresponding values from the Asset with options along the bottom. Click the Add Service button.
  3. On the next page, populate the Add Service dialog as required. The Port parameter will pre-populate with the values from the selected node (636 in our example), so only the Name, and optional Description, is required.
  4. Click the Save button to complete the operation.

After the Service is saved, the chart will update with this new port 636 identifier <host>:Secure LDAP.

Connections Report Port Chart with Port Identifier

Managing Tags

Asset tags can be applied or removed, optionally in bulk, by accessing the nodes that represent these assets from the Connection charts, using either the IP or Port chart type. This allows users to make more visually informed evaluations when determining which tags to apply to specific assets. For example, you can identify and select multiple node assets named SharePoint Server, with specific in-bound or out-bound traffic, and apply a tag like Application: SharePoint or Application: SharePoint Dev to each.

Note

When accessing these nodes, for the purpose of managing tags, from the Port chart type, it is possible that a single node will be visually represented as multiple nodes if several ports were accessed for in-bound or out-bound traffic of this host. You only need to select one of these Host nodes when applying or removing tags.

Applying tags to selected Nodes

  1. Using either the IP or Port chart, select an asset by clicking on the Node that represents this host or Shift + Click on the Node(s) to add it straight to the collection.
  2. From the Asset View dialog that appears, click the Add to Collection button along the bottom.
  3. Repeat this process for each additional node that you wish to apply the same tags to.
  4. When all nodes have been added to the collection, scroll below the chart and a new Collection section will be present. From this Collection section, click Actions > Tag.
  5. On the Select Terms to Add dialog, select the tag(s) that you want to apply to all the assets in this collection and click the Select button to apply the tags.

After the tag operation has completed, you can click on each asset Node again and observe that the tag is now present in the Tags field.

Note

Adding a tag creates a new minor version of the asset(s).

Removing tags from selected Nodes

  1. Using either the IP or Port chart, select an asset by clicking on the Node that represents this host or Shift + Click on the Node(s) to add it straight to the collection.
  2. From the Asset View dialog that appears, click the Add to Collection button along the bottom.
  3. Repeat this process for each additional node that you wish to remove the same tag(s) from.
  4. When all nodes have been added to the collection, scroll below the chart and a new Collection section will be present. From this Collection section, click Actions > Untag.
  5. On the Select Terms to Remove dialog, select the tag(s) that you want to remove from all the assets in this collection and click the Select button to remove the tags.

After the tag operation has completed, you can click on each asset Node again and observe that the tag is no longer present in the Tags field.

Note

Removing a tag creates a new minor version of the asset(s).

Managing Asset Versioning

It may be necessary at times to Promote or Demote assets to Major or Minor versions, which can also be performed directly from the Connections Report chart.

To Promote or Demote Assets:

  1. Using either the IP or Port chart, select an asset by clicking on the Node that represents this host or Shift + Click on the Node(s) to add it straight to the collection.
  2. From the Asset View dialog that appears, click the Add to Collection button along the bottom.
  3. Repeat this process for each additional node that you wish to Promote or Demote.
  4. When all nodes have been added to the collection, scroll below the chart and a new Collection section will be present. From this Collection section, click Actions > Promote Major to advance all assets in this collection to a new Major version or click Actions > Demote Major to demote all assets in this collection Major version to a Minor version.

Promote or Demote Version to Collection

Note

Only assets with a latest Minor version can be promoted and only assets with a latest Major version can be demoted.

Managing Policies

Segmentation Policies can also be managed using the visual nature of the Connections Report network flow chart to assist in reviewing existing policies and creating new policies.

Note

This may not provide a comprehensive view of the Segmentation Policy, its Selector or Source assets, as other related assets could be located in different containers not shown in this Connection Report or Asset Collection data may not have captured their network traffic. For a complete overview, use the Policy Query Preview option on the Segmentation Policy.

Policy Queries

The Policy search query creates a visual representation of both the Selector and Source assets associated with the selected segmentation policy. This helps the user clearly understand which Source assets will maintain inbound connectivity to a Selector and, by extension, which ones may be blocked.

To walk through a use case for the Policy search type, let's take a look at an example policy SharePoint Production. This segmentation policy was constructed with the following Selector and Source asset tags:

Segmentation Policy Query Preview

When the SharePoint Production policy is selected from this Connection Report, the following is highlighted on the chart.

Policy Queries Selector Asset Highlights

The five nodes highlighted with the red dot indicate all the assets, found in this report, that represent the Selectors defined in our SharePoint Production segmentation policy.

Now, when you hover over the SharePoint Production 01 asset, or one of these five highlighted Selector nodes, it will draw all the network traffic detected on this node (in- and out-bound) and a series of nodes will be highlighted with a green dot. Each of these green dot nodes represents a Source asset that will retain its in-bound traffic to this Selector node when the SharePoint Production segmentation policy is enforced. Any remaining nodes in this chart, those without green dots, will have their in-bound traffic to this Selector node blocked when this segmentation policy is enforced. For instance, the asset Windows Server Production shows in-bound traffic (red connecting line) to SharePoint Production 01, but since it was not found as a Source and therefore is not highlighted with a green dot, this traffic would be dropped when this policy is enforced.

Policy Queries Source Asset Highlights

Policy Queries Source Asset Policy Preview

For additional insights into the Policy, switch the Chart Data selector from Connections Chart to Assets Chart. This may reveal additional asset node(s) that exist in this container and are applicable to this policy because of their tags, but that were not visible in the Connections Chart because no connection data has been captured for them. Switching to the Assets Chart will more closely resemble the results that are visible from the Policy Query Preview feature within the Segmentation Policy builder.

Policy Queries Assets Chart Highlight

The highlighted asset node SharePoint Production 04 is visible now because, although no connection data has been collected from this asset, it is present in the container scope of this report. Also, a green dot identifier is associated to it because the asset is tagged with terms that apply to the Source assets of the selected policy SharePoint Production. This Assets Charts visualization now more closely resembles the Policy Query Preview results from the Segmentation Policy itself (as shown below).

Policy Queries Source Asset Policy Preview
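The red-dot / green-dot logic described in this section can be reproduced offline when reviewing a policy before it is enforced. The following is an added example, not 12Port code or a 12Port API: the asset names come from this page, while the tags, the flows, the `Policy` class and `preview_policy` are constructed for illustration, and it assumes an asset matches a policy side only when it carries all of the listed terms.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    selector_terms: frozenset  # tags an asset must carry to be a Selector
    source_terms: frozenset    # tags an asset must carry to be a Source


def preview_policy(policy, assets, flows):
    """Split each Selector's observed inbound flows into retained and dropped.

    assets: {asset name: set of "Taxonomy: Term" tags}
    flows:  [(source host, destination host, destination port)]
    Assumption (not stated on the page): a match requires ALL listed terms.
    """
    selectors = {n for n, tags in assets.items() if policy.selector_terms <= tags}
    sources = {n for n, tags in assets.items() if policy.source_terms <= tags}
    report = {}
    for sel in sorted(selectors):
        inbound = {(src, port) for src, dst, port in flows if dst == sel}
        report[sel] = {
            # "green dot" nodes: inbound traffic kept under enforcement
            "retained": sorted(f for f in inbound if f[0] in sources),
            # everything else, including untagged non-asset hosts
            "dropped": sorted(f for f in inbound if f[0] not in sources),
        }
    # Assets that match the policy but have no captured connection data:
    # visible only in the Assets Chart, never in the Connections Chart.
    seen = {host for src, dst, _ in flows for host in (src, dst)}
    no_data = sorted((selectors | sources) - seen)
    return report, no_data


# Constructed sample data (tags and flows are illustrative only).
POLICY = Policy(
    name="SharePoint Production",
    selector_terms=frozenset({"Application: SharePoint", "Environment: Production"}),
    source_terms=frozenset({"Access: SharePoint Users"}),
)
ASSETS = {
    "SharePoint Production 01": {"Application: SharePoint", "Environment: Production"},
    "SharePoint Production 04": {"Access: SharePoint Users"},  # no traffic captured
    "Web Gateway 01": {"Access: SharePoint Users"},
    "Windows Server Production": {"Environment: Production"},
}
FLOWS = [
    ("Web Gateway 01", "SharePoint Production 01", 443),
    ("Windows Server Production", "SharePoint Production 01", 445),
    ("10.20.0.22", "SharePoint Production 01", 443),   # non-asset host
    ("SharePoint Production 01", "10.20.0.23", 636),   # outbound, not evaluated
]

if __name__ == "__main__":
    report, no_data = preview_policy(POLICY, ASSETS, FLOWS)
    for selector, result in report.items():
        print(selector)
        for src, port in result["retained"]:
            print(f"  retained: {src} -> :{port}")
        for src, port in result["dropped"]:
            print(f"  dropped:  {src} -> :{port}")
    print("matching assets without connection data:", no_data)
```

Each entry in the dropped list is a flow to confirm as unwanted, or to cover by tagging its source, before the policy is published.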


Creating New Policies

Using the Connection Reports network flow chart can also be instrumental in creating new segmentation policies. To create new policies from the chart:

  1. Using the Taxonomy search query, enter or select a Taxonomy term that will be used to identify the Selector assets for the new segmentation policy.
  2. If required, use the + (plus) button to add an additional Taxonomy search query to refine the Selector results.
  3. Click the Add Policy button to begin the creation of a new segmentation policy.
  4. Most of the values on this Add Policy screen will be populated based on the logic below; however, the form can be modified anywhere changes may be necessary.
    • Description: the description value is auto-generated based on the query selection and assumed service for this new policy.
    • Publishing: is set to Disabled by default so policy effects can be previewed in the Connection Report chart before they are published.
    • Selector Taxonomy: values are taken directly from the initial Taxonomy search terms used to build this new policy.
    • Selector Terms: values are taken directly from the initial Taxonomy search terms used to build this new policy.
    • Service: value is derived from the platform's analysis of in-bound connections to each Selector asset to determine the most likely service that will be applied to this policy.
    • Source: the taxonomy terms used to locate Source assets are based on the terms used in the initial taxonomy search. It is likely that these values will need to be updated to properly reflect the intention of the new policy.

When the Add Policy screen is set to the required values, click the Save button to create the new policy.

After the policy is created, you may now select it from this chart using the Policy query to preview the policy or you may navigate to the Management > Policies page to further Edit, Publish, Preview or Manage the policy.

Connections Report New Policy Query

Segmentation Policies Page with New Policy

Executing Scripts

Adding one or more assets to a Collection enables the user to perform an interactive bulk Script execution against all included assets. This creates a convenient opportunity, from the Connections Report, to execute scripts against assets. To use this chart to execute scripts:

Note

Only scripts that are available across all assets' Task list will be available for script execution. For example, if a Windows Host asset and a Unix Host asset are within the same collection or selection, then only those scripts that are common between the task lists will be available for selection. In this default case, since no scripts are shared between these Asset Types, the Script drop-down menu will be empty.

  1. Using either the IP or Port chart, select an asset by clicking on the Node that represents this host or Shift + Click on the Node(s) to add it straight to the collection.
  2. From the Asset View dialog that appears, click the Add to Collection button along the bottom.
  3. Repeat this process for each additional node that you wish to add to this collection.
  4. When all nodes have been added to the collection, scroll below the chart and a new Collection section will be present. From this Collection section, click Actions > Execute to initiate a script execution against all assets in this collection.
  5. Using the Select Script dialog, open the Script Name drop-down menu and select the script to execute against the assets in this collection.
  6. Click the Select button to begin the interactive script execution.

To review the results of the script execution, use the Reports > Jobs report on each individual asset or use the global Reports > Jobs report to view the results of all script executions.