Information in the Events widget

The Network traffic events widget in the Dashboard section displays general information about the NDR events and aggregate events that have the most recent last-seen date and time.

The widget displays the following elements:

• A histogram of NDR events and aggregate events for the selected period. This information is displayed in the upper part of the widget. The histogram displays the distribution of NDR events and aggregate events by severity level.
• A list of information about registered NDR events and aggregate events, sorted by their last-seen date and time. This information is displayed in the middle part of the widget.

Statistics of NDR events and aggregate events

On the distribution histogram of NDR and aggregate events, the bars correspond to the total number of events for each time interval. Inside the bars, the colors stand for severity levels of events. The following colors correspond to the severity levels:

• Blue. This color is used for Low-severity NDR events and aggregate events.
• Yellow. This color is used for Medium-severity NDR events and aggregate events.
• Red. This color is used for High-severity NDR events and aggregate events.

You can hover over a bar to view information about it. The pop-up window displays information about the date and time of the interval, as well as the number of NDR events and aggregate events by severity level.

The length of the time intervals depends on the selected display period. You can select a period for the histogram with the following buttons:

• 1h: one-hour period, subdivided into one-minute intervals.
• 12h: 12-hour period, subdivided into one-hour intervals.
• 24h: 24-hour period, subdivided into one-hour intervals.
• 7d: seven-day period, subdivided into one-day intervals.

List of NDR events and aggregate events

The list of NDR events and aggregate events in the Network traffic events widget is updated in on-line mode. NDR events and aggregate events with the most recent last-seen date and time are placed at the top of the list.

The number of displayed items in the list of NDR events and aggregate events is limited by the size of the widget.

For each event in the list, the following information is provided:

• Title of the NDR event or aggregate event.
• Last-seen date and time.
• Icon that stands for the severity of the NDR event or aggregate event:
  •  – Low severity level
  •  – Medium severity level
  •  – High severity level

Aggregate events in the list are marked with .

Navigating to other sections from the widget

You can use the controls of the Network traffic events interface to go to the events table and display detailed information about NDR events and aggregate events. The following options are available to achieve this.

Navigating to the table of network traffic events and filtering the table

You can view detailed information about an NDR event or aggregate event by clicking the event in the list of the Network traffic events widget. Doing so opens the Network traffic events section in which the table will be filtered based on the ID of the selected NDR event or aggregate event. The filtering criteria also include the period from the date and time of registration of an NDR event or aggregate event to the current moment (without specifying the right bound of the period).

If you want to go to the table of network traffic events without changing the current filtering conditions of the table in the Network traffic events section, click the Show all events link in the Network traffic events widget.

Navigating to the table of events and searching the table

To go to the devices table and find devices in the table:

1. In the Network traffic events widget, enter your search query into the Search events field.
2. Click Search.

This opens the Network traffic events section. The table of events displays NDR events and aggregate events that match the search criteria.

Page top