Network analytics report

Views:

View network correlations between nodes highlighted in Workbench and related obejcts.

Important

For accurate analysis, configure your Network Resource Lists in Network Security → Network Analysis Configuration → Network Resources. Configuring Network Resource Lists provides the Network Analytics engine with context about the topography of your security environment. You can configure multiple Network Resource profiles for more granular detail, especially if you monitor multiple networks or company branches from your Trend Vision One console.

The network analytics report is available for all apps that use Network Sensors as a data source, including Virtual Network Sensor, TippingPoint, and Deep Discovery Inspector.

The network analytics report shows network correlations between the trigger object selected in Observable Graph and other related objects. The network analytics report consists of three main sections: Summary, Correlation Graph, and Transactions and IoCs.

NetworkAnalyticsSummary=908e2955-b759-4dec-b1db-f75b4958cc7e.png — Network analytics report summary

The Summary includes the following information:

Severity
Number of detected internal hosts and indicators of compromise (IOCs)
Attack patterns
High-level overview of the malicious activity of the correlated event

You can show or hide the summary section using the show/hide icons ( dddna_summary_collapse=GUID-30E62BCB-0E12-4C53-967D-71834FAF56FD=1=en-us=Low.png

dddna_summary_collapse=GUID-30E62BCB-0E12-4C53-967D-71834FAF56FD=1=en-us=Low.png

dddna_summary_expand=GUID-CA101720-956C-4123-A237-5A030D727B17=1=en-us=Low.png

For more details about the information provided in summary and the actions you can take, see Review the summary.

NetworkAnalyticsCorrelationGraph=2b91ced1-76bf-469d-a2c8-5cce6ea73150.png — Network analytics correlation graph

The Correlation Graph provides a visual representation of correlations made between the selected suspicious object and other related objects.

Click

dddna_graph_filter=GUID-1A803C70-BBB6-4F2B-BF16-6B5CFFFAC409=1=en-us=Low.png

next to the Playback Bar to display or hide the advanced search filter.

For more details about the information displayed in the correlation graph and the actions you can take, see Analysis using the Correlation Graph.

NetworkAnalyticsTransIoCs=018d2129-a55d-4e05-89db-568536cc0af8.png — Network analytics transactions and IOCs

The Transactions and IOCs section provides details about each transaction represented in the correlation graph and each detected Indicator of Compromise (IOC).

The report lists transactions from oldest to most recent. Listed transactions might have occurred in a single day or span several months, depending on the correlations found by Network Analytics. The report lists IOCs from oldest to most recent.

You can show or hide the transactions and IOCs section using the show/hide icons ( dddna_trans_iocs_collapse=GUID-90155883-8966-4D26-B6AC-D0918BEC3089=1=en-us=Low.png

dddna_trans_iocs_collapse=GUID-90155883-8966-4D26-B6AC-D0918BEC3089=1=en-us=Low.png

dddna_trans_iocs_expand=GUID-ACD57F7E-4D64-4EAF-B624-D22B51459C24=1=en-us=Low.png

For more details about the information displayed in the transactions and IOCs section, see Analysis using Transactions and IOCs.