To limit the number of nodes and links displayed on the network map, you can use the following functions:
To filter nodes and links, you can choose the relevant period of time on the time scale. The time scale is displayed in the lower part of the Network map section.
The time scale contains the following items:
The following types of filtering periods are provided:
To configure object filtering by a period correlated to the current moment:
The network map shows only those nodes and links for which communications were detected since the beginning of the specified period up to the current moment.
To configure filtering by a period not correlated to the current moment:
You can configure the network map to show the nodes and links whose information is saved in events associated with the selected nodes.
The capability to filter by event is available if no more than 200 nodes on the network map are selected. You can select the relevant nodes individually or as part of collapsed groups that include the relevant devices. When a collapsed group is selected, all devices in the child groups of any nesting level are also included in the device selection.
You can use the following methods to filter by event:
To display nodes and links using initial filtering by event:
To select multiple nodes and/or groups, do one of the following:
The details area appears in the right part of the web interface window. The details area shows the total number of selected nodes and groups while also showing the quantitative distribution of selected objects by type.
The network map displays only those nodes and links whose information is contained in events associated with the selected nodes. The toolbar located above the network map will show a list containing the IDs of events (IDs are listed in the order in which their associated events were detected).
To add nodes and links to the displayed objects by using additional filtering by event:
The details area appears in the right part of the web interface window.
The network map will additionally display the nodes and links whose information is contained in events associated with the selected nodes. The IDs of detected events are added to the list containing IDs in the toolbar.
You will see a list containing the names of statuses for devices that are known to the application (Unauthorized, Authorized, Archived), and the Unknown device status for devices that are unknown to the application.
The network map displays only those nodes that represent devices with the selected statuses.
You will see a list containing the names of security states for devices (OK, Warning, Critical).
The network map displays only those nodes that represent devices with the selected security states.
You will see a list containing the names of categories for known devices, as well as individual categories for unknown devices and WAN nodes.
The network map displays only those nodes that represent the selected categories of devices.
After filtering nodes, the network map displays only those nodes that satisfy the defined filter settings. In addition, for a node to be displayed on the network map, it must have a connection (link) with another displayed node. If the defined filter settings cause the network map to not display all nodes with which a node has interacted, this node is also not displayed on the network map. Filtering is applied similarly for nodes that are part of a consolidated node of unknown devices: if the network map does not display all nodes with which a node of an unknown device has interacted, this node is removed from the list of nodes within the consolidated node of unknown devices.
If necessary, you can enable the network map to display all nodes associated with filtered nodes. Together with nodes that satisfy the defined node filter settings, the network map will also display all nodes with which interactions have occurred (irrespective of the defined filter settings).
For example, if node filtering by PLC category is enabled and you have enabled the display of linked nodes, the network map will display all nodes that have communicated with PLC category devices. If the display of linked nodes is disabled, the network map will display nodes of only those PLC category devices that have communicated with each other.
To enable or disable the display of nodes associated with filtered nodes:
Use the Linked devices toggle button in the toolbar located above the network map.
You will see a list containing the names of the severity levels of events (Informational, Warning, Critical), as well as the No events item that lets you filter connections for which no events have been registered.
The network map displays only those links associated with events that have the selected severity levels.
You will see a window containing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.
The table columns provide the following information:
If you select or clear the check box for a protocol that contains nested protocols, the check boxes for the nested protocols are also automatically selected or cleared.
The network map displays only those links in which the selected protocols were used.
You can filter links based on the levels of communications corresponding to the layers of the OSI (Open Systems Interconnection) model for the network protocol stack.
To filter links on the network map based on the layers of the OSI network model:
You will see a list containing the names of OSI model layers:
The network map displays only those links that are associated with the selected OSI model layer.
You can reset the defined settings for filtering nodes and links to their default state.
To reset the defined filter settings on the network map:
In the toolbar located above the network map, click the Default filter button (this button is displayed if filter settings have been defined).
The network map will display all nodes and links for which communications were detected during the currently defined period.