View Data in a Visualization Map
Organize how to visualize the devices on your network
using device attributes or Purdue levels.
| Where Can I Use This? | What Do I Need? |
|---|
Options for navigating a visualization map and viewing its data apply to both types of
visualization methods: device attributes and Purdue levels.
Nodes (Groups and Devices)
The nodes on each level of a map are depicted as circles and the dashed lines
between nodes represent network connections. A node can be a group of objects such as
subnets, VLAN-IDs, device categories, device profiles, vendors, or risk levels, or a
node can be a single device within one of these groups. The number that’s shown within
the circle of a group indicates how many devices are in it. Some groups have colored
segments around the edge of their circle. These indicate the proportion of devices
within it that have a particular risk severity. Critical is red, high is orange, and
medium is yellow. A low risk level is the remaining gray that circumscribes the circle.
(In other parts of the Device Security interface, blue represents a low severity level;
however, because blue is used to highlight nodes in visualization maps, it’s not used
here to indicate a low risk level.) The size of the circle for a group indicates the
proportion of devices in it in relation to other groups on the map.
Highlight
The highlight tool, located at the top of a visualization map, helps you find
devices with certain characteristics. To use it, enter one or more filters using query
language and then click Highlight. Device Security highlights (with
a blue ring or partial ring) all groups and devices that match the filters. The length
of the ring denotes the proportion of items in a group matching the highlight
definition. You can then drill down to the highlighted devices that match the
filters.
Interactions
Hover: Hover your cursor over a group of devices to see a pop-up
panel with information about the groups and devices within it. You can hover
your cursor over a group that contains other groups to see information about
devices within all the groups or you can hover your cursor over one of the inner
groups to see information just about that one. Hovering over a device displays a
pop-up panel with information about that device.
Click once: Clicking a group or device once puts it in focus and
displays an information panel about it on the right side of the map. Clicking
the External Link icon at the top of the device
information panel opens the Device Details page for the device, where you can
see relevant information.
Click twice: Clicking a group twice (double-clicking or clicking
on a focused group or device) drills into it to see its contents and the network
connections of its contents to other groups. Clicking a device twice shows its
network connections to other devices.
Reposition nodes: You can also drag groups and devices to
reposition them on the map. This feature only works on the main map display.
When you double-click a particular group, the new group in focus always appears
centered on the map.
Use the table and breadcrumbs: Use links in the table to
navigate through map layers by clicking links in table columns to drill down
deeper into the map and clicking links in the breadcrumbs above the table to
move up to higher layers.
Use the Back button: In addition to clicking the breadcrumbs above the
table to move back to a higher map layer, you can also click the
Back button between the Device Security logo and map
name at the top of the page. When you’re already at the top map layer, clicking
the Back button exits the current map and returns to the
visualizations landing page.
Map Name and Totals
A summary of various totals appears below the map name in the upper left of the
page.
For example, the first number might be the number of subnets, the second the
number of categories, and the third the number of devices on a map. If the scope
contains more than 500 nodes, consider reducing the scope so the map can display them.
After creating a map and engaging with it, you might make some changes and
tweaks and decide you want to save the edited map. To do that, click the Edit
Map icon next to the map name. Device Security displays the Update Network
Visualization Map panel where you can change the map name, description, the
visualization method, and scope and then Confirm your changes.
Another option in the Update Network Visualization Map panel is Map Builder. Click
Map Builder to view the map and make edits to the
visualization method (Device Grouping) and scope. By clicking
Update after adding or removing filters to the scope, you can
see how your changes affect the contents of the map. When done, click Update
Map, which returns you to Update Network Visualization Map. Review your
modified settings and, if satisfied, Confirm the changes. If you
aren’t yet satisfied, click Map Builder again to return to the
map and continue making adjustments as necessary.
Legend
On the left of a visualization map are zoom in (+) and zoom out (-) icons and
an information icon that opens a legend of what the colors and icons mean. Click to
expand it.
Basic
When viewing an individual device, its risk level is indicated by the
color at 1:00 on the circle.
When viewing a device group, the risk level or levels of the devices
within it are indicated by red, orange, and yellow around the edge of the
circle. The amount of each color is the proportion of devices at that risk level
in relation to the overall number of devices in the group.
When using the highlight tool to find devices with a particular
attribute, a blue ring—or segment of a ring—appears within the edge of a group,
its length indicating the proportion of devices with the highlighted attribute
in the group. The longer the blue segment is, the more highlighted devices there
are proportionally.
Risk Level
Icons
A green globe indicates that one or more devices in a group have
connections to normal internet sites.
A red globe indicates that one or more devices have connections to
malicious internet sites.
A three-pronged yellow icon indicates that there are one or more
connections to off-map devices; that is, to devices that are on the local
network but aren’t within the scope defined for this visualization map.
A laptop icon indicates that one or more devices have connections to IP
endpoints on the local network. An IP endpoint is the source or destination of a
network connection for which Device Security has learned an IP address but not a
MAC address.
Map Management
In the Map Management section, you can control what types of devices and
connections to display on the map. By selecting and clearing their check boxes, you can
toggle the icons on and off on the map.
Inner Connection: Select or clear the check box
to show or hide inner connections, which are connections within the same device
grouping. Because connections between groups are typically of more interest,
this is toggled off by default. To see inner connections (connections between
devices in the same group), toggle on Inner connections.
Device visualization maps sometimes include IP
Endpoints, Off-map Devices, and
Internet Connections (Normal
and Malicious) whenever it’s necessary to show
connections between devices defined within the scope of a visualization map and
destinations outside that scope. Off-map devices (dark yellow shaded circles)
and IP endpoints (gray shaded circles) are located in the local, private
network, and internet addresses are sites in the external public network (green
shaded circles for normal sites and red shaded for malicious sites). An IP
endpoint is a device for which Device Security knows an IP address. An out-of-scope
device is one for which Device Security knows both an IP address and a MAC address
but is outside the map scope. As with other device groups, you can also drill
into groups of out-of-scope devices and endpoints and internet addresses. Click
the group once to put it in focus and open an information panel. Click it twice
to zoom into it and view its contents.
