In recent years, the concepts of Artificial Intelligence (AI) and Machine Learning (ML)...
6.1 Using Filters in Data Explorer
Measuring Traffic Volume to mysql. #
Description: Measure the total traffic volume (total octets, minimum, and maximum) directed to mysql.
Filter: Application Name is mysql,
Group By Application Name.
Monitoring Traffic for Remote Administration Activity #
Description: Monitor network traffic originating from the specific IP address 185.234.216.136 targeting ports commonly used for remote administration, such as SSH (port 22) and RDP (port 3389).
Filter: Source Address is 185.234.216.136 AND Destination Port is 22 OR Destination Port is 3389.
Verifying Traffic between Two Autonomous Systems #
Description: Verify traffic exchanged between two specific Autonomous Systems (AS).
Filter: Source AS is 62154 AND Destination AS is 31252.
Protocol Traffic Analysis #
Description: Analyze network traffic focusing on TCP and UDP protocols or use grouping to focus on specific fields or compare the amount of traffic.
Filter: Protocol is TCP OR Protocol is UDP.
Traffic Monitoring on Critical IP and Input Interface #
Description: Monitor network traffic destined for the IP address 4.87.0.0 specifically entering through input interface 16.
Filter: Destination Address is 4.87.0.0 AND Input Interface is 16.
Traffic Identification Based on BGP Communities #
Description: Monitor network traffic associated with the specified BGP community (31580:31580) directed towards the destination IP address 185.108.39.69.
Filter: Community is 31580:31580 AND Destination Address is 185.108.39.69.
Traffic Monitoring for ICMP and IGMP Protocols #
Description: Monitor ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) traffic to analyze ping requests and multicast group communication.
Filter: Protocol is ICMP OR Protocol is IGMP.
Traffic Monitoring for ssh on Input Interface 7 #
Description: Monitor traffic originating from input interface 7 specifically for the ssh to analyze its usage patterns.
Filter: Choose Application Name is ssh AND Input Interface is 7.
Traffic Analysis on Exporter IP Address #
Description: Monitor traffic that passes through the device 185.34.202.233 specifically to port 80 (HTTP) to analyze web access patterns.
Filter: Choose Exporter Address(Device) is 185.34.202.233 AND Destination Port is 80.
SNMP Management Traffic Analysis #
Description: Monitor SNMP (Simple Network Management Protocol) traffic specifically to port 161 to analyze network management requests and operations.
Filter: Destination Port is 161 AND Protocol is UDP.
Traffic Identification with Specific Local Preference #
Description: Analyze traffic with a BGP (Border Gateway Protocol) local preference of 100 originating from autonomous system 14618.
Filter: BGP Local Preference is 100 AND Source AS is 14618.
Traffic Analysis Based on a Specific AS Path #
Description: Monitor traffic following a specific AS (Autonomous System) path consisting of AS numbers 31252, 3356, 4837, and 17622.
Filter: Destination AS Path is 31252, 3356, 4837, 17622.
Traffic Identification Based on the Next Hop Address #
Description: Identify traffic based on the next hop address 95.65.8.137.
Filter: Next Hop is 95.65.8.137.
Analysis of Exported Traffic Based on Exporter ID #
Description: Analyze if exporter with ID 589824 is actually exporting or registering traffic on port 21 (FTP).
Filter: Destination Port is 21 AND Exporter ID is 589824.
Monitor and analyze HTTPS traffic originating from a source address with specific mask. #
Description: Monitor and analyze HTTPS traffic originating from the source address 193.163.125.224 with a specific mask of 24, targeting destination port 443.
Filter: Source Address is 193.163.125.224 AND Source Mask is 24 AND Destination Port is 443.
Traffic Monitoring to a Specific Domain #
Description: Monitor network traffic destined for a specific domain, using an FQDN (Fully Qualified Domain Name) filter for the domain “google.com.”
Filter: Destination FQDN Address is google.com.
HTTP Network Traffic Monitoring #
Description: Monitor network traffic that utilizes the HyperText Transfer Protocol (HTTP).
Filter: Destination Port is 80 AND Protocol is TCP.