: View Data in a Visualization Map
Focus
Focus

View Data in a Visualization Map

Table of Contents

View Data in a Visualization Map

Organize how to visualize the devices on your network using device attributes or Purdue levels.
Options for navigating a visualization map and viewing its data apply to both types of visualization methods: device attributes and Purdue levels.
Nodes (Groups and Devices)
The nodes on each level of a map are depicted as circles and the dashed lines between nodes represent network connections. A node can be a group of objects such as subnets, VLAN-IDs, device categories, device profiles, vendors, or risk levels, or a node can be a single device within one of these groups. The number that’s shown within the circle of a group indicates how many devices are in it. Some groups have colored segments around the edge of their circle. These indicate the proportion of devices within it that have a particular risk severity. Critical is red, high is orange, and medium is yellow. A low risk level is the remaining gray that circumscribes the circle. (In other parts of the IoT Security portal, blue represents a low severity level; however, because blue is used to highlight nodes in visualization maps, it’s not used here to indicate a low risk level.) The size of the circle for a group indicates the proportion of devices in it in relation to other groups on the map.
Highlight
The highlight tool, located at the top of a visualization map, helps you find devices with certain characteristics. To use it, enter one or more filters using query language and then click Highlight. IoT Security highlights (with a blue ring or partial ring) all groups and devices that match the filters. The length of the ring denotes the proportion of items in a group matching the highlight definition. You can then drill down to the highlighted devices that match the filters.
Interactions
  • Hover: Hover your cursor over a group of devices to see a pop-up panel with information about the groups and devices within it. You can hover your cursor over a group that contains other groups to see information about devices within all the groups or you can hover your cursor over one of the inner groups to see information just about that one. Hovering over a device displays a pop-up panel with information about that device.
  • Click once: Clicking a group or device once puts it in focus and displays an information panel about it on the right side of the map. Clicking the External Link icon at the top of the device information panel opens the Device Details page for the device, where you can see relevant information.
  • Click twice: Clicking a group twice (double-clicking or clicking on a focused group or device) drills into it to see its contents and the network connections of its contents to other groups. Clicking a device twice shows its network connections to other devices.
  • Reposition nodes: You can also drag groups and devices to reposition them on the map. This feature only works on the main map display. When you double-click a particular group, the new group in focus always appears centered on the map.
  • Use the table and breadcrumbs: Use links in the table to navigate through map layers by clicking links in table columns to drill down deeper into the map and clicking links in the breadcrumbs above the table to move up to higher layers.
  • Use the Back button: In addition to clicking the breadcrumbs above the table to move back to a higher map layer, you can also click the Back button between the IoT Security logo and map name at the top of the page. When you’re already at the top map layer, clicking the Back button exits the current map and returns to the visualizations landing page.
Map Name and Totals
A summary of various totals appears below the map name in the upper left of the page.
For example, the first number might be the number of subnets, the second the number of categories, and the third the number of devices on a map. If the scope contains more than 500 nodes, consider reducing the scope so the map can display them.
After creating a map and engaging with it, you might make some changes and tweaks and decide you want to save the edited map. To do that, click the Edit Map icon next to the map name. IoT Security displays the Update Network Visualization Map panel where you can change the map name, description, the visualization method, and scope and then Confirm your changes. Another option in the Update Network Visualization Map panel is Map Builder. Click Map Builder to view the map and make edits to the visualization method (Device Grouping) and scope. By clicking Update after adding or removing filters to the scope, you can see how your changes affect the contents of the map. When done, click Update Map, which returns you to Update Network Visualization Map. Review your modified settings and, if satisfied, Confirm the changes. If you aren’t yet satisfied, click Map Builder again to return to the map and continue making adjustments as necessary.
Legend
On the left of a visualization map are zoom in (+) and zoom out (-) icons and an information icon that opens a legend of what the colors and icons mean. Click to expand it.
Basic
  • When viewing an individual device, its risk level is indicated by the color at 1:00 on the circle.
  • When viewing a device group, the risk level or levels of the devices within it are indicated by red, orange, and yellow around the edge of the circle. The amount of each color is the proportion of devices at that risk level in relation to the overall number of devices in the group.
  • When using the highlight tool to find devices with a particular attribute, a blue ring—or segment of a ring—appears within the edge of a group, its length indicating the proportion of devices with the highlighted attribute in the group. The longer the blue segment is, the more highlighted devices there are proportionally.
Risk Level
  • The color for each risk level is identified.
Icons
  • A green globe indicates that one or more devices in a group have connections to normal Internet sites.
  • A red globe indicates that one or more devices have connections to malicious Internet sites.
  • A three-pronged yellow icon indicates that there are one or more connections to off-map devices; that is, to devices that are on the local network but aren’t within the scope defined for this visualization map.
  • A laptop icon indicates that one or more devices have connections to IP endpoints on the local network. An IP endpoint is the source or destination of a network connection for which IoT Security has learned an IP address but not a MAC address.
Map Management
In the Map Management section, you can control what types of devices and connections to display on the map. By selecting and clearing their check boxes, you can toggle the icons on and off on the map.
  • Inner Connection: Select or clear the check box to show or hide inner connections, which are connections within the same device grouping. Because connections between groups are typically of more interest, this is toggled off by default. To see inner connections (connections between devices in the same group), toggle on Inner connections.
  • Device visualization maps sometimes include IP Endpoints, Off-map Devices, and Internet Connections (Normal and Malicious) whenever it’s necessary to show connections between devices defined within the scope of a visualization map and destinations outside that scope. Off-map devices (dark yellow shaded circles) and IP endpoints (gray shaded circles) are located in the local, private network, and Internet addresses are sites in the external public network (green shaded circles for normal sites and red shaded for malicious sites). An IP endpoint is a device for which IoT Security knows an IP address. An out-of-scope device is one for which IoT Security knows both an IP address and a MAC address but is outside the map scope. As with other device groups, you can also drill into groups of out-of-scope devices and endpoints and Internet addresses. Click the group once to put it in focus and open an information panel. Click it twice to zoom into it and view its contents.