Skip to main content

Reports Overview

When you need to see what is happening on your network, which rules are hitting and more in real-time, Reportspage is the first place that you should view. It provides you many interactive charts helpful for analysing the traffic and security risks on your network.

All reports have their predefined charts. You'll be provided with the charts relevant to the report you're on.

Start with the big picture, drill-down to details

Zenarmor®'s rich reporting allows you both to see the overall network activity in a birds-eye view, and if you want to inspect in detail, you can filter any chart item and focus on to details.

Reporting criteria

To customize your reports, you can select the reporting criteria on the top right hand-side.

Reporting Metric

You can select the metrics used to create the reports. Do you want to see how many sessions are created, or how many packets are transmitted, or the number of bytes transferred? You can select which information you want to see here. Available Reporting Metrics are:

  1. Sessions: Number of connections/transactions

  2. Packets: Number of packets

  3. Volume: Number of bytes

Reporting Time Interval

You can define a time interval for your report. Available Time Interval options are :

  • Last 30 minutes

  • Last 6 hours

  • Last 12 hours

  • Last 24 hours

  • Last 72 hours

  • Last week

  • Custom range

Refresh Time

This is the auto-refresh interval for the reports to automatically refresh with new data. The interval options on Cloud Portal are Pause, 1 minute, 5 minutes, and 15 minutes, 30 minutes and 1 hour.

To refresh the reporting page immediately you may click on the Refresh button at the top right corner of the screen.

Record Size

You may specify record size of the reports by selecting available options in the Record Size drop-down menu at the top of the page:

  • Top 5
  • Top 10
  • Top 25
  • Top 50
  • Top 100

How to Use Generic Filter

Zenconsole includes a filtering option that is extremely useful for inspecting network activity. You can apply a filter to your report view in two ways.

  • Selecting the Filter option from the configuration bar at the top of the Reports page.
  • Selecting a chart pane and clicking the Filter or Exclude button.

Filtering on Configuration Bar

To apply a filter to the report view, you may follow the next instructions:

  1. Click on the Filter button on the configuration bar at the top of the 'Reports' page. This will pop up a dialog box. You may enable the following options provided by Zenarmor:

    • Private Access Connections: This settings provides 3 options. By default all connections including secure private networks connections and Internet connections are displayed.
    1. Show All Connections
    2. Show Only Private Access Connections
    3. Hide Private Access Connections

    Filtering Private Access Connections

    Figure 1. Filtering Private Access Connections

    • Hide Blocked Connections: When you enable this option, blocked sessions are not displayed in the reports.
    • Hide Local Connections: When you enable this option, internal sessions on your LAN are not displayed in the reports.
    • Show Only Blocked Connections: When you enable this option, only blocked connections are displayed in the reports.
    • Hide Infrastructure-related Connections: When you enable this option, infrastructure-related connections are not displayed in the reports.
    • Include Inbound Traffic: Users can apply a filter for both traffic flow directions in reports, ensuring more precise traffic analysis and management. When you enable this option, inbound connections are displayed in the reports.
    • Include Outbound Traffic: When you enable this option, outbound connections are displayed in the reports.

  2. You may add new filter by selecting the reporting metric (such as Destination IP) in the first dropdown menu.

  3. Select the operator in the second dropdown menu. There are 4 operator options available:

    • Equals
    • NotEquals
    • Contains
    • Does not Contain

  4. Set a value that you want to be filtered for the report.

  5. You may click Add more toggle bar if you want to add multiple filters.

  6. Click Add button to activate filtering settings.

  7. You may click Close after adding all filters to close the window.

The filter is automatically applied to the charts.

Applying Filter

Figure 2. Applying Filter

After adding filters, a Reset All Filters button will be displayed at top right of the Reports page.

By clicking on the Reset All Filters button, you may clear all defined report filtering settings.

Filtering on Charts

To apply a filter to the report view, you may also follow the steps given below:

  1. Select one of the chart panes. For example, if you're on Connections tab, you can try App Categories Breakdown.

  2. You may hover your mouse over the filtering type on the right sight of the chart pane. This will display Filter, Exclude and drop-down menu with ... icon buttons. For example, hover your mouse over Secure Web Browsing. Clicking on ... icon will open a drop-down menu including Filter, Exclude and Live Sessions options.

    Adding Filter on Chart

    Figure 2. Adding Filter on Chart

  3. Or, you may click on the chart pie that you want to apply a filter. This will open a drop-down menu including Filter, Exclude and Live Sessions options.

    Adding Filter via Chart Pie

    Figure 3. Adding Filter via Chart Pie

  4. Click either Filter or Exclude button. This will apply your filter to the current report page. For example, click Filter button.

    Connections filtered out for Application Category = Secure Web Browsing

    Figure 4. Connections filtered out for Application Category = Secure Web Browsing

You can apply more than one filter to the report view and see the filtering/exclude parameters on the top of the reporting page.

Connections filtered out for Application Category = Secure Web Browsing and Remote Hosts!=updates.sunnyvalley.io

Figure 5. Connections filtered out for Application Category = Secure Web Browsing and Remote Hosts!=updates.sunnyvalley.io

Report Charts

Due to the nature of the job, Zenarmor creates a vast amount of data and creates meaningful graphics based on them. Each Sub-Module has its own chart setup.

You can hover your mouse over the filtering type on any of the charts to filter out the reporting data on Cloud Portal.

Filtering will be automatically applied to all the charts as is.

Connection Report Charts

Zenconsole provides the following Connection charts:

  • App Categories Breakdown

  • Apps Breakdown

  • Top Devices

  • Top Device Categories

  • Top Local Hosts

  • Top Remote Hosts

    Connections Report View On Cloud Portal

    Figure 6. Connections Report View

  • Top Remote Ports

  • Top Locale Serving Ports

  • Egress New Connections by App Over Time

  • Eggress New Connections by Source Over Time

    Egress Connections Report On Cloud

    Figure 7. Egress Connections Report

  • Unique Local Hosts

  • New Connections & Unique Remote Hosts

  • Egress New Connections Heatmap

  • Table of Remote Hosts

    Top Connection Ports & Hosts Report On Cloud

    Figure 8. Top Connection Ports & Hosts Report

  • Top Eggress Users

  • Top Ingress Users

  • Facts

  • Top Destination Locations Heatmap

  • Table of Apps

  • Table of Local Assets

  • Table of Remote Hosts

  • Interfaces & Vlans

  • Policies

Threats Report Charts

Zenconsole provides the following Threats charts:

  • Top Detected Threats

  • Top Blocked Threats

  • Threats Detected and Allowed

  • Top Threat Destinations

  • Top Blocked Devices

  • Top Detected Devices

  • Top Blocked Device Categories

  • Top Detected Device Categories

  • Top Detected Hosts

  • Top Blocked Hosts

  • Top Blocked Users

  • Top Detected Users

  • Top Countries

  • Interfaces & Vlans

  • Policies

    Threats Report View On Cloud

    Figure 9. Threats Report View

Blocks Report Charts

Zenconsole provides the following Blocks charts:

  • Top Devices

  • Top Device Categories

  • Blocked Local Hosts and Reasons

  • Top Blocks

  • Blocked Conversations Heatmap

  • Blocked Local Hosts Over Time

  • Top Eggress Users

  • Top Ingress Users

  • Interfaces & Vlans

  • Policies

    Blocks Report View On Cloud

    Figure 10. Blocks Report View

Web Report Charts

Zenconsole provides the following Web charts:

  • Top Categories

  • HTTP Transactions by Source Over Time

  • Top Devices

  • Top Device Categories

  • Top Talkers Heatmap

  • Top Request Methods

  • Top HTTP Versions

  • Top HTTP Response Codes

  • Top Web Ports

  • Top OS

  • Top Eggress Users

  • Top Ingress Users

  • Top User Agents

  • Policies

  • Interface & Vlans

  • Top Devices

  • Table of Sites

  • Table of URIs

    Web Report View On Cloud

    Figure 11. Web Report View

DNS Report Charts

Zenconsole provides the following DNS charts:

  • DNS Transactions Heatmap

  • Policies

  • DNS Queries Distribution

  • DNS Query Types

  • Top Devices

  • Top Device Categories

  • Top Eggress Users

  • Top Ingress Users

  • DNS Response Codes Tag Cloud

  • Interface & Vlans

    DNS Report View On Cloud

    Figure 12. DNS Report View

TLS Report Charts

Zenconsole provides the following TLS charts:

  • Top Talkers Heatmap

  • Web Categories Breakdown

  • Policies

  • Top TLS Session Creators Over Time

  • Top Destination Ports

  • Top TLS Servers Over Time

  • Top Devices

  • Top Device Categories

  • Top Eggress Users

  • Top Ingress Users

  • Interface & Vlans

    TLS Report View On Cloud

    Figure 13. TLS Report View

Video on Zenarmor Advanced Reporting Capabilities

Here is a video about the Zenarmor Advanced Reporting Capabilities

Last updated on by Zenarmor