
Learn More About Insights

Insights Hub

Use the Insights hub to get a consolidated view of your security environment including malicious IPs, data exfiltration, risky services, top destinations, top regions, DORA compliance, and LLM use. Use the hub to track and monitor risks. Compare data obtained within the last 24 hours, last 7 days, last 30 days, or specify a custom date range.


  • Top Malicious IPs

    Use these insights to learn about the top malicious IPs in your environment based on suspicious ports or protocols.

  • Top Sources With Data Transfer

    Use these insights to look for large volume data transfers and workloads associated with them.

  • Risky Services Traffic

    Search for any combination of service, port and protocol to identify risky services traffic. Examine the deltas between current and previous flows and bytes to help identify increases in risky traffic.

  • Top Destination Roles For Workloads

    Use these insights to understand specific workloads in your environment that may have been compromised. For each of your workloads using a port and protocol combination, see the role labels associated with the receiving destinations.

  • Top Cross Region Traffic

    Use these insights to investigate the behavior associated with suspicious traffic coming from unknown regions and countries. Search for the top cross region traffic to determine which region the flows and bytes are coming from.

  • Top Region To Country Traffic Volume

    Use these insights to see the top countries that receive traffic from your regions and whether traffic to a country or unknown location has increased recently.

  • DORA Compliance

    Use these insights to monitor compliance metrics for information and communications technologies (ICTs). Search for specific services in ICTs that are not encrypted.

  • LLMs in Use

    Use these insights to identify LLMs that are sending risky or unknown traffic to external destinations. Search for specific LLMs that your network is communicating with to view risky or unknown traffic flows.

NOTE: Switching between flows and bytes may change your displayed results. Suppose a resource with denied traffic has a large number of flows but zero bytes. In this case, switching the displayed results from flows to bytes would remove the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.
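The effect described in the note can be reproduced on a small data set. The following is an added example, not code from the product: the record layout, resource names and numbers are constructed for illustration, and a Top 3 list stands in for the Top 10.

```python
from collections import defaultdict

# Constructed sample flow summaries: (resource, policy decision, flows, bytes).
# The layout and values are assumptions, not a product export format.
SAMPLE = [
    ("web-01",     "allowed", 120,  9_500_000),
    ("db-01",      "allowed",  80, 42_000_000),
    ("scanner-07", "denied",  900,          0),  # many blocked attempts, no payload
    ("app-02",     "allowed",  60,  3_200_000),
    ("backup-01",  "allowed",   5, 88_000_000),
    ("web-01",     "denied",   30,          0),
]

def aggregate(records):
    """Sum flows and bytes per resource across all policy decisions."""
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for resource, _decision, flows, nbytes in records:
        totals[resource]["flows"] += flows
        totals[resource]["bytes"] += nbytes
    return dict(totals)

def top_n(totals, metric, n):
    """Rank resources by the chosen metric, highest first; ties break by name."""
    ranked = sorted(totals, key=lambda r: (-totals[r][metric], r))
    return ranked[:n]

def dropped_on_switch(totals, n):
    """Resources in the top N by flows that fall out of the top N by bytes."""
    by_bytes = set(top_n(totals, "bytes", n))
    return [r for r in top_n(totals, "flows", n) if r not in by_bytes]

if __name__ == "__main__":
    totals = aggregate(SAMPLE)
    print("Top 3 by flows:", top_n(totals, "flows", 3))
    print("Top 3 by bytes:", top_n(totals, "bytes", 3))
    print("Dropped when switching to bytes:", dropped_on_switch(totals, 3))
```

Here the resource with only denied traffic leads the flows view and is absent from the bytes view, so both views are worth checking when reviewing a Top list.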