Links on the network interactions map
Links on the network interactions map are identified based on detected network packets for which the source and destination addresses can be mapped to the addresses of nodes.
Each link shows two sides of communication. A communication side in a link may be one of the following objects on the network interactions map:
- One of the following types of nodes:
- Device that is known to the application.
- Device that is unknown to the application.
- Consolidated node of unknown devices – if the link shows communication with one or more unknown devices of this node.
- WAN node – if the link shows communication in which the source of network packets is a WAN device (the IP address belongs only to Public networks that are known to the application).
- Collapsed group, if the link shows communication with one or more devices in this group.
Depending on the scores of the events registered when communications are detected, the link may have the one of following colors:
- Gray – the communication did not cause event registration, or only events with score of 0.0–3.9 were registered.
- Red – the communication caused the registration of events with score of 4.0–10.0.
Events registered during the defined object filtering period are taken into account for links. However, the current status of events is not taken into account.
The application saves connection data in the database on the Server. The total volume of saved entries cannot exceed the defined limit. If the volume exceeds the defined limit, the application automatically deletes 10% of the oldest entries. You can set a maximum volume limit for the network interactions map when configuring data storage settings on the Server node.
