Reports module is the place where you see what is happening on your network, which rules are hitting and more in real-time.
Sensei's rich reporting allows you both to see the overall network activity in a birds-eye view, and if you want to inspect in detail, you can select any chart item and drill-down to details. You can drill-down as many levels as you like.
In any time, you can click on the "Sessions Explorer" to see per-connection details for the current reporting level.
On the top right hand-side, you can select customize the reporting criteria
You can select the metrics used to create the reports. Do you want to see how many sessions are created, or how many packets transmitted, or may be the number of bytes transferred? You can select which information you want to see here. They can be either one of them:
Sessions: number of connections / transactions
Packets: number of packets
Volume: number of bytes
You can define a time interval. Time interval can be:
Last 5 minutes
Last 1 hour
Last 1 day
Last 1 week
Last 1 month
This is the auto-refresh interval for the reports to automatically refresh with new data.
You can drill-down to the data you see on the page by clicking on any of the charts displayed, and filter out the data. It will be automatically applied to all the charts.
You can filter out the reports by clicking "+ Add Filter" button on top of each report page.
Select what to filter.
Enter the keyword
Click Add to apply your filter to the current report page.
Sensei's "Explorer" module displays and lets you browse the relevant data about the report you're on. All reports have slightly different versions of the explorer. You'll notice how the explorer consolidates the data and changes functionality based on the report you're exploring.
Each report page has an explorer screen that renders detailed connection logs with a searchable, sortable fashion.
There is a dynamic text search area at the upper right corner of every explorer screen. It helps you to filter all the data in the grid as you type.
You'll find three buttons for each log item.
Info icon: Provides connection details.
Action icon: Helps you to block or allow that particular connection.
Query icon: Renders a form to query whois data for that connection.
Due to the nature of the job, Sensei creates a vast amount of data and creates meaningful graphics based on them. Each Sub-Module has its own chart setup.
App Categories Breakdown
Top Local Hosts
Top Remote Hosts
Egress New Connections by App Over Time
Eggress New Connections by Source Over Time
New Connections & Unique Remote Hosts
Unique Local Hosts over Time
Conns - Facts
Egress New Connections Heatmap
Top Destination Locations Heatmap
Table of Local Assets
Table of Apps
Table of Remote Hosts
Top Remote Ports
Top Locale Serving Ports
Alerts - Top Blocks
Alerts - Blocked Local Hosts and Reasons
Alerts - Blocked Conversations Heatmap
Alerts - Blocked Local Hosts Over Time
Web - Top Categories
Web - HTTP Transactions by Source Over Time
Web - Top Talkers Heatmap
Web - Tag Cloud Top Request Methods
Web - Tag Cloud Top HTTP Versions
DNS Transactions Heatmap
DNS Queries Distribution
DNS Query Types Tag Cloud
DNS Response Codes Tag Cloud
TLS - Top Talkers Heatmap
TLS - Web Categories Breakdown
TLS - Top TLS Session Creators Over Time
TLS - Destination Ports Tag Cloud
TLS - Top TLS Servers Over Time