Network Connections Overview

07-Aug-21

SUMMARY A connection is a recording of a communication, including denied communications, between two unique IP addresses to a specific destination port, as detected over a specific time interval.

If two IP addresses communicate on a port many times within a specific time interval, only one communication is recorded. The total number of bytes that are communicated and the number of flows are included in the connection information. The connection information is stored in the database for each time interval.

Bidirectional Flow Traffic

Connections data from unidirectional flows is not recorded. Connections from bidirectional flow traffic that comes from a flow source and from firewall or router deny events are recorded in these situations:

  • The destination is remote, which means that it is outside of your network hierarchy. The connection is local to remote, not remote to remote.
  • The destination is local, which means that it is inside your network hierarchy. The destination IP address and port that are contained in the flow record are in the asset database and the destination port is open.
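The aggregation and recording rules described above can be modeled in a few lines. This is an added example, not the product's own code. The flow field names, the one-hour interval, the `LOCAL_NETS` hierarchy, and the `ASSET_OPEN_PORTS` asset database are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All values below are constructed for illustration.
LOCAL_NETS = [ip_network("10.0.0.0/8")]   # assumed network hierarchy
ASSET_OPEN_PORTS = {"10.0.0.5": {443}}    # assumed asset database: IP -> open ports
INTERVAL = 3600                           # assumed interval length in seconds

def is_local(ip):
    return any(ip_address(ip) in net for net in LOCAL_NETS)

def should_record(flow):
    """Apply the recording rules from the text to one flow record."""
    if not flow["bidirectional"]:
        return False                      # unidirectional flows are never recorded
    if is_local(flow["dst"]):
        # Local destination: IP and port must be in the asset database, port open.
        return flow["dport"] in ASSET_OPEN_PORTS.get(flow["dst"], set())
    # Remote destination: only local to remote, never remote to remote.
    return is_local(flow["src"])

def aggregate(flows):
    """Collapse flows into one connection per (interval, src, dst, dport)."""
    conns = defaultdict(lambda: {"bytes": 0, "flows": 0})
    for f in flows:
        if should_record(f):
            key = (f["ts"] // INTERVAL, f["src"], f["dst"], f["dport"])
            conns[key]["bytes"] += f["bytes"]
            conns[key]["flows"] += 1
    return dict(conns)

def flow(ts, src, dst, dport, nbytes, bidirectional=True):
    return {"ts": ts, "src": src, "dst": dst, "dport": dport,
            "bytes": nbytes, "bidirectional": bidirectional}

SAMPLE_FLOWS = [
    flow(10, "10.0.0.9", "203.0.113.7", 443, 1200),     # local -> remote
    flow(900, "10.0.0.9", "203.0.113.7", 443, 800),     # same interval: merged
    flow(4000, "10.0.0.9", "203.0.113.7", 443, 500),    # next interval: new record
    flow(20, "10.0.0.9", "10.0.0.5", 443, 300),         # local dst, port open
    flow(30, "10.0.0.9", "10.0.0.5", 22, 300),          # local dst, port not open
    flow(40, "198.51.100.2", "203.0.113.7", 80, 100),   # remote -> remote
    flow(50, "10.0.0.9", "203.0.113.7", 53, 60, bidirectional=False),
]

if __name__ == "__main__":
    for key, totals in sorted(aggregate(SAMPLE_FLOWS).items()):
        print(key, totals)
```

Seven sample flows produce three connection records: the two flows in the first interval merge into one record with summed bytes and a flow count of 2, and the last three flows are not recorded.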

Investigating Network Connections

You can monitor and investigate network device connections or do advanced searches. Complete the following tasks on the Connections page.

  • Search connections.
  • Search a subset of connections.
  • Mark search results as false positives to prevent false positive events from creating offenses.
  • View connection information grouped by various options.
  • Export connections in XML or CSV format.
  • Use the interactive graph to view connections in your network.