Statistics

The Statistics module in NETALERT provides a graphical representation of recorded network traffic and generated alerts. It can be accessed from the Statistics section upon logging into the application or at any time by clicking the corresponding icon in the left-side menu of the Web Interface. This section focuses exclusively on large-scale statistical data.

Search and filter section

The Search field in the Statistics module provides an advanced filtering capability, allowing users to precisely narrow down displayed data based on specific criteria. This feature enhances data visibility and enables the quick identification of relevant information within large datasets.

At the top of the Statistics interface, a quick search feature allows users to filter data based on specific time ranges. The Start Date and End Date calendar selectors enable precise selection of a custom time interval for data visualization. Additionally, predefined quick filters such as Last 6 hours and Last day provide instant access to recent traffic and alert statistics, ensuring a fast and efficient analysis of network activity.

To maximize the graph, click the button located in the top right corner of the graph.

In the center of certain graph panels, a "quick filter" option is available, allowing adjustment of the time intervals to 1 minute, 10 minutes, 1 hour, 6 hours, 8 hours, or 24 hours for more granular data analysis.

Types of statistics graphs

  • The Alert Names graph - displays the names of generated alerts, providing a visual representation of detected security events. This chart helps in identifying the most frequent alert types, enabling a better understanding of network threats and potential vulnerabilities.

  • The Traffic Count graph - provides a comprehensive visualization of all recorded network traffic within the application. It enables monitoring of traffic patterns, identifying usage trends, and detecting potential anomalies or unusual spikes in activity, which may indicate security threats or performance issues.

  • The Alerts Count graph - displays the total number of recorded alerts within the application. It provides insights into security events, highlighting trends in detected threats, suspicious activities, or system anomalies over a selected time period. This visualization helps in assessing the security status and identifying potential issues that require further investigation.

  • The ML Score graph - visualizes the minimum, maximum, and average Machine Learning (ML) scores over a specified time period. This chart helps in monitoring anomaly detection, risk assessments, or behavioral analysis performed by the ML algorithms. By analyzing these scores, users can identify patterns, detect potential threats, and assess the reliability of the system’s automated threat detection capabilities.

  • The DNS Request Error graph - displays the recorded DNS request errors over a specified period. This visualization helps in identifying issues related to domain name resolution, such as failed queries, non-existent domains, or misconfigured DNS settings. Monitoring these errors can assist in troubleshooting network issues, detecting potential cyber threats, and ensuring the stability of DNS services.

  • The Tags graph - displays the detected tags assigned to network flows or packets.

  • The Source IP graph - presents the source IP addresses identified from the network traffic. This visualization helps in monitoring traffic origins, detecting unusual or suspicious activity, and analyzing communication patterns within the network.

  • The Destination IP graph - displays the destination IP addresses identified from the network traffic. This chart provides insights into where the traffic is being directed, helping with network monitoring, identifying potential threats, and analyzing communication patterns.

  • The Source Port graph - displays the source ports identified from network traffic. This information helps in analyzing traffic patterns, understanding application usage, and detecting potential security threats by identifying the origin of network connections.

  • The Destination Port graph - displays the destination ports identified from network traffic. This helps in analyzing service usage, monitoring communication patterns, and detecting unusual or potentially malicious activity targeting specific ports.

  • The Ethernet Type graph - displays the different Ethernet protocol types identified from network traffic. This helps in analyzing network communication, categorizing traffic types, and detecting anomalies based on protocol distribution.

  • The Protocol graph - displays the various network protocols identified from traffic data. This helps in understanding protocol distribution, monitoring network behavior, and detecting any unusual or unauthorized protocol usage.

  • The Hostnames graph - displays the hostnames recorded by the application. This provides insights into network activity, helps in identifying frequently accessed domains, and assists in detecting any suspicious or unauthorized communications.

  • The Emails graph - displays the email addresses recorded by the application. This helps in monitoring email traffic, identifying communication patterns, and detecting potential security threats such as phishing attempts or unauthorized email transmissions.

  • The IOC IP graph - displays all Indicator of Compromise (IOC) IP addresses detected by the application. These IPs are associated with known threats, such as malware, botnets, or other malicious activities. Monitoring this graph helps in identifying potential security risks, tracking suspicious connections, and strengthening network defenses.

  • The Domain graph - presents all detected domains recorded by the application. It provides insights into domain activity within the network, helping to identify legitimate and potentially malicious domains. This graph is useful for monitoring communication patterns, detecting phishing attempts, and analyzing domain-based threats.

  • The Impact graph - displays all recorded impact levels categorized as Low, Medium, High, and Critical. This visualization helps assess the severity of detected security events, providing a clear overview of potential threats. By analyzing this graph, administrators can prioritize incident response efforts, focusing on high-risk and critical alerts while monitoring lower-impact events for trends or recurring issues.

  • The Severity graph - presents all recorded severity levels, ranging from 0 to 9. This graph provides a visual representation of the intensity of detected security events, helping administrators assess potential threats based on their severity scores. Lower values indicate minimal risk, while higher values correspond to more critical threats. By analyzing this graph, security teams can efficiently prioritize incident response and mitigation efforts.

  • The Top Talkers graph - displays the most active sources of network traffic within a given timeframe. This visualization helps identify the devices or IP addresses generating the highest volume of data exchanges. Monitoring Top Talkers is essential for detecting unusual network behavior, diagnosing bandwidth consumption issues, and identifying potential security threats such as data exfiltration or compromised hosts.

  • The Top Receivers graph - highlights the network entities that have received the highest volume of data, measured in ReceivedBytes. This visualization provides insights into which devices, servers, or endpoints are consuming the most inbound traffic. Monitoring Top Receivers is useful for identifying potential bottlenecks, detecting abnormal data transfers, and analyzing traffic distribution across the network.

  • The Top Senders graph - displays the network entities that have transmitted the highest volume of data, measured in SentBytes. This visualization helps in identifying the most active data sources within the network, monitoring traffic flow, and detecting any unusual or excessive outbound data transmissions. Analyzing Top Senders can assist in uncovering potential security threats, bandwidth consumption trends, and overall network performance.

  • The Top Applications graph - provides a visual representation of the most frequently used applications within the network. It identifies and categorizes applications based on network traffic data, helping to monitor usage patterns, detect anomalies, and optimize network performance. This insight is valuable for security analysis, bandwidth management, and identifying potential unauthorized application usage.

  • The Top Users graph - displays a ranked list of the most active users based on network traffic data. It helps identify users generating the highest volume of traffic, providing insights into usage patterns, potential security risks, and resource consumption. This graph is useful for monitoring network behavior, detecting anomalies, and ensuring compliance with organizational policies.

To review detailed information about traffic data at both packet and flow levels, as well as the alerts triggered by anomalous events.