
Active Session

Overview


The Active Session dashboard helps in tracking bandwidth usage by network interfaces and provides real-time data related to active network sessions established by end-clients in the Crystal Eye XDR network.

The bandwidth utilization monitoring dashboard is designed to supplement threat hunting tasks whose primary goal is to detect unusual bandwidth usage spikes caused by malware C&C communication.

Malware predominantly infiltrates a network and then communicates with its command and control (C&C) server. This repetitive process causes unusual spikes in bandwidth usage. Monitoring bandwidth usage by network interface and device also highlights the top talkers in your network, so you can see which sources consume the most bandwidth.


Go to Dashboard > Threat Hunt Dashboard > Active Session


Bandwidth Graphical Format Report


The Bandwidth Graph shows the total bandwidth of all Crystal Eye XDR interfaces over a period of time. The graph is updated in real time, and the default data update interval is 5 seconds.

Note

To view the Bandwidth Graphical Report, select Bandwidth from the Display dropdown in the Settings section and click the Update button.

Total Transfer Graphical Format Report


The Total Transfer Graph shows the total data transferred (both upload and download) by all Crystal Eye XDR interfaces over a period of time. The graph is updated in real time, and the default data update interval is 5 seconds.

Note

To view the Total Transfer Graphical Report, select Total Transfer from the Display dropdown in the Settings section and click the Update button.

Active Session Tracking (Bandwidth Tabular Format Report)


The Bandwidth Tabular Format Report provides real-time data for determining which specific end-client in the CE XDR network might be over-consuming bandwidth.

The tabular bandwidth report below displays active sessions on a real-time basis stating the:

1) Source IP address

2) Destination IP Address

3) Port used while the network session is established

4) Protocol used while the communication is initiated

5) Bandwidth utilization during the network session


Note

To view the Bandwidth Tabular Format Report, select the network interface displayed in the tabular report, select Bandwidth in the Display dropdown, select Tabular in the Report Format dropdown and click the Update button.
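
The following is an added example, not part of the Crystal Eye XDR product or its documentation. It shows how rows noted from the tabular report at each 5-second refresh can be ranked into top talkers and checked for the recurring spikes described in the Overview. The CSV layout, column names, kbps unit, thresholds and sample rows are all assumptions constructed for illustration.

```python
import csv, io
from collections import defaultdict
from statistics import median

# Constructed sample: rows transcribed from the tabular report at each 5-second
# refresh. Column names and the kbps unit are assumptions, not a product export.
SAMPLE = """t,src,dst,port,proto,kbps
0,10.0.0.5,203.0.113.10,443,TCP,12
0,10.0.0.8,198.51.100.7,443,TCP,900
5,10.0.0.5,203.0.113.10,443,TCP,10
5,10.0.0.8,198.51.100.7,443,TCP,950
10,10.0.0.5,203.0.113.10,443,TCP,480
10,10.0.0.8,198.51.100.7,443,TCP,920
15,10.0.0.5,203.0.113.10,443,TCP,11
15,10.0.0.8,198.51.100.7,443,TCP,880
20,10.0.0.5,203.0.113.10,443,TCP,9
20,10.0.0.8,198.51.100.7,443,TCP,910
25,10.0.0.5,203.0.113.10,443,TCP,510
25,10.0.0.8,198.51.100.7,443,TCP,940
"""

def load(text):
    """Parse transcribed report rows into dicts with numeric time and rate."""
    return [dict(r, t=int(r["t"]), kbps=float(r["kbps"]))
            for r in csv.DictReader(io.StringIO(text))]

def top_talkers(rows, n=5):
    """Rank source IPs by summed bandwidth across all samples."""
    totals = defaultdict(float)
    for r in rows:
        totals[r["src"]] += r["kbps"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]

def recurring_spikes(rows, factor=5.0, min_spikes=2):
    """Return sessions whose rate repeatedly exceeds factor x their own median."""
    series = defaultdict(list)
    for r in rows:
        series[(r["src"], r["dst"], r["port"], r["proto"])].append((r["t"], r["kbps"]))
    flagged = {}
    for key, pts in series.items():
        base = max(median(k for _, k in pts), 1.0)  # floor avoids a zero baseline
        hits = [t for t, k in pts if k > factor * base]
        if len(hits) >= min_spikes:
            flagged[key] = hits
    return flagged

if __name__ == "__main__":
    rows = load(SAMPLE)
    print(top_talkers(rows), recurring_spikes(rows))
```

In the constructed data the steady host is the top talker by volume, while the low-volume host is the one flagged for recurring spikes, so the two views answer different hunting questions.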

Active Session Tracking (Total Transfer Tabular Format Report)


The Total Transfer tabular format report summarizes data coming and going from specific devices during a particular network session.

The tabular total transfer report below displays active network sessions on a real-time basis stating the:

1) Source IP address

2) Destination IP Address

3) Port used while the network session is established

4) Protocol used while the communication is initiated

5) Total data transferred (both upload and download) during the network session. (Note that selecting an interface in the Settings section displays the active network sessions of that interface in the report dashboard.)