NetFlow Monitor Dashboard

by Josef Weiss
April 8, 2014

This dashboard displays event statistics leveraging the capabilities of Tenable NetFlow Normalized Events. This event data is correlated to produce a series of pie charts, tables, and trend lines that display statistical data.

NetFlow data forwarded to Tenable’s LCE includes ports and source and destination IP addresses. The components in this dashboard include:

Top Talkers Class B (All Traffic)

  • This component presents the analyst with a pie chart of the Top 5 talkers filtered by Class B address space, providing a visual representation of the address space utilizing the most bandwidth over the last 24-hour reporting period.

Top Talkers Class C (All Traffic)

  • This component presents the analyst with a pie chart of the Top 5 talkers filtered by Class C address space, providing a visual representation of the address space utilizing the most bandwidth over the last 24-hour reporting period.

Top Talkers by IP Address (Last 24 Hours)

  • This component presents the analyst with a table of the Top 5 talkers filtered by specific IP address, providing a visual representation of the top talking IP addresses along with a packet count over the last 24-hour reporting period.

Web Traffic (7 Day/24 Hour/1 Hour)

  • This component presents the analyst with a graphical representation and trending for HTTP vs. HTTPS over the specified timeframe. This provides a fast method to conduct visual trend analysis of specific protocols.

TCP/UDP Traffic (7 Day/24 Hour/1 Hour)

  • This component presents the analyst with a graphical representation and trending for TCP vs. UDP over the specified timeframe. This provides a fast method to conduct visual trend analysis of specific protocols.

Other upcoming components in the SecurityCenter Feed will include 7 Day, 24 Hour, and 1 Hour components for:

  • ICMP
  • SNMP
  • SSH/Telnet
  • With more to come

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard requirements are:

  • SecurityCenter 4.8.1
  • LCE 4.2.2
  • NetFlow EventData