Network traffic

If the Enterprise Threat Protector (ETP) Proxy is enabled for your enterprise, you can report on all network traffic that is directed to ETP, including suspicious traffic or traffic that bypasses ETP Proxy. The Network Traffic report logs all connections that are directed to ETP. If traffic was dropped, the connection data reports why.

The organization of traffic or connection data is similar to event data. The following applies:
  • Any applied date or data filter defines the data that is shown. You can filter data based on the selected date or date range, the time of day you enter, the area you select in the Time graph, and the actual filters applied to data in the report. You can create a filter where you include or exclude data from the view.
  • Connection data that appears on the Network Traffic report is defined by the selected dimension.
    • The Top 6 area lists the top 6 data values for the selected dimension. For example, if you select the Location dimension, the Top 6 Locations are listed.
    • Connection data is grouped by the selected dimension. For example, if you select the Location dimension, this data is organized by specific locations. You can expand a specific location to view the associated connections.

You can perform the following actions in this report:

  • View connection details. If you select the information icon beside a connection, connection details appear in a separate window.
  • Add data to the filter. You can decide to exclude or include data in the filter.
  • View the Indicators of Compromise (IOC) details for a requested domain. When viewing events based on domain, you can click the information icon and the IOC Details appear in a separate window.

If you are a delegated administrator, the data that appears in this report is based on the locations you created and are allowed to access. A tenant administrator cannot view the Network Traffic report.