Flow Analytics - Traffic Summary
This view provides detailed visibility, filtering and analysis for events recorded by Multicloud Defense from either a forward or reverse gateway proxy. Traffic Summary events contribute to one of three event types: Firewall Events, Network Events and Web Attacks.
The summary page shows both closed and ongoing sessions. Select "All events" on the Traffic Summary page to list all events, including closed sessions and the periodic 5-minute events for long-running sessions.
Traffic Summary
Tables and Fields available in Session Summary are as follows:

Event Details | Description |
---|---|
Date and Time | ISO 8601 format: YYYY-MM-DD T HH:MM:SS:S Example: |
CSP Account | Multicloud Defense CSP Account |
Gateway | Multicloud Defense Gateway |
Region | Region of the Multicloud Defense Gateway |
Level | INFO |
Session ID | .. |

Client-side Connection | Description |
---|---|
Src IP | Source IP Address |
Src Port | Source Port |
Dest IP | Destination IP Address |
Dest Port | Destination Port |
Protocol | UDP, TCP |

Client-side Stats | Traffic between client and Multicloud Defense Gateway |
---|---|
Received Bytes | Number of bytes received from client |
Transmitted Bytes | Number of bytes sent to client |
Received Packets | Number of packets received from client |
Transmitted Packets | Number of packets sent to client |

Policy Match Info | Description |
---|---|
Dest Address Group | Destination Address Group configured in the matched policy rule |
Src Address Group | Source Address Group configured in the matched policy rule |
Request SNI | Server Name Indication in the request |
Service Type | Service Type. Example: |
Src Country | Country that the request originated from on the client-side |
Dest Country | Country that the request was destined to on the server-side. Example: |

Server-side Connection | Description |
---|---|
Src IP | Source IP Address |
Src Port | Source Port |
Dest IP | Destination IP Address |
Dest Port | Destination Port |
Protocol | UDP, TCP |

Server-side Stats | Traffic between Multicloud Defense Gateways and server |
---|---|
Received Bytes | Number of bytes received from server |
Transmitted Bytes | Number of bytes sent to server |
Received Packets | Number of packets received from server |
Transmitted Packets | Number of packets sent to server |

Application Info | Description |
---|---|
Client App Name | Application name associated with client side of the session. Example: |
Payload App Name | HTTP application name associated with webserver host. Example: |
Service App Name | Application name associated with server side of the session. Example: |

Action | Description |
---|---|
Action | ALLOW, DENY |

Cloud Service | Description |
---|---|
Cloud Service | Name of the destination cloud service accessed with the request. Example |

Src Instance Info | Description |
---|---|
Instance ID | Client instance ID |
Instance Name | Client instance name (and provides ability to see tags) |
VPC ID | Client VPC ID |

HTTP Request | Description |
---|---|
Host | Host portion of URL |
Method | GET, PUT, POST, HEAD, DELETE, PATCH, OPTIONS |
URI | URI Identifier RFC 3986 |

Rule | Description |
---|---|
ID | ID number/description of Multicloud Defense Rule. Example |

FQDN | Description |
---|---|
FQDN | Fully Qualified Domain Name |
Category Name | Category classification of the FQDN. Example: |
Reputation | Reputation score of the FQDN |