Links on the network map
Links on the network map are identified based on detected network packets in which the source and destination addresses can be correlated to the addresses of nodes.
Each link shows two sides of communication. A side of communication in a link may be one of the following objects on the network map:
- One of the following types of nodes:
- Device that is known to the application.
- Device that is unknown to the application.
- Consolidated node of unknown devices – if the link shows communication with one or more unknown devices of this node.
- WAN node – if the link shows communication in which the source of network packets is a WAN device (the IP address belongs only to Public networks that are known to the application).
- Collapsed group, if the link shows communication with one or more devices in this group.
Depending on the severity of events registered when communications are detected, the link may have the following colors:
- Gray – the communication did not cause event registration, or only events with the Informational severity level were registered.
- Red – the communication caused the registration of events with the Warning or Critical severity level.
Events registered during the defined object filtering period are taken into account for links. However, the current status of events is not taken into account.
The application saves connection data in the database on the Server. The total volume of saved entries cannot exceed the defined limit. If the volume exceeds the defined limit, the application automatically deletes 10% of the oldest entries. You can set a maximum volume limit for the network map when configuring data storage settings on the Server node.
