View Data in a Visualization Map
Organize how to visualize the devices on your network
using device attributes or Purdue levels.
Options for navigating a visualization map and viewing its data apply to both types of
visualization methods: device attributes and Purdue levels.
Nodes (Groups and Devices)
The nodes on each level of a map are depicted as circles and the dashed lines
between nodes represent network connections. A node can be a group of objects such as
subnets, VLAN-IDs, device categories, device profiles, vendors, or risk levels, or a
node can be a single device within one of these groups. The number that’s shown within
the circle of a group indicates how many devices are in it. Some groups have colored
segments around the edge of their circle. These indicate the proportion of devices
within it that have a particular risk severity. Critical is red, high is orange, and
medium is yellow. A low risk level is the remaining gray that circumscribes the circle.
(In other parts of the IoT Security portal, blue represents a low severity level;
however, because blue is used to highlight nodes in visualization maps, it’s not used
here to indicate a low risk level.) The size of the circle for a group indicates the
proportion of devices in it in relation to other groups on the map.
Highlight
The highlight tool, located at the top of a visualization map, helps you find
devices with certain characteristics. To use it, enter one or more filters using query
language and then click Highlight. IoT Security highlights (with
a blue ring or partial ring) all groups and devices that match the filters. The length
of the ring denotes the proportion of items in a group matching the highlight
definition. You can then drill down to the highlighted devices that match the
filters.
Interactions
- Hover: Hover your cursor over a group of devices to see a pop-up panel with information about the groups and devices within it. You can hover your cursor over a group that contains other groups to see information about devices within all the groups or you can hover your cursor over one of the inner groups to see information just about that one. Hovering over a device displays a pop-up panel with information about that device.
- Click once: Clicking a group or device once puts it in focus and displays an information panel about it on the right side of the map. Clicking the External Link icon at the top of the device information panel opens the Device Details page for the device, where you can see relevant information.
- Click twice: Clicking a group twice (double-clicking or clicking on a focused group or device) drills into it to see its contents and the network connections of its contents to other groups. Clicking a device twice shows its network connections to other devices.
- Reposition nodes: You can also drag groups and devices to reposition them on the map. This feature only works on the main map display. When you double-click a particular group, the new group in focus always appears centered on the map.
- Use the table and breadcrumbs: Click links in the table columns to drill down deeper into the map, and click links in the breadcrumbs above the table to move up to higher layers.
- Use the Back button: In addition to clicking the breadcrumbs above the table to move back to a higher map layer, you can also click the Back button between the IoT Security logo and map name at the top of the page. When you’re already at the top map layer, clicking the Back button exits the current map and returns to the visualizations landing page.
Map Name and Totals
A summary of various totals appears below the map name in the upper left of the
page.
For example, the first number might be the number of subnets, the second the
number of categories, and the third the number of devices on a map. If the scope
contains more than 500 nodes, consider reducing the scope so the map can display them.
After creating a map and working with it, you might make some changes and
decide you want to save the edited map. To do that, click the Edit
Map icon next to the map name. IoT Security displays the Update Network
Visualization Map panel, where you can change the map name, description,
visualization method, and scope, and then Confirm your changes.
Another option in the Update Network Visualization Map panel is Map Builder. Click
Map Builder to view the map and make edits to the
visualization method (Device Grouping) and scope. By clicking
Update after adding or removing filters to the scope, you can
see how your changes affect the contents of the map. When done, click Update
Map, which returns you to Update Network Visualization Map. Review your
modified settings and, if satisfied, Confirm the changes. If you
aren’t yet satisfied, click Map Builder again to return to the
map and continue making adjustments as necessary.
Legend
On the left of a visualization map are zoom in (+) and zoom out (-) icons and
an information icon that opens a legend of what the colors and icons mean. Click the
information icon to expand the legend.
Basic
- When viewing an individual device, its risk level is indicated by the color at the 1 o'clock position on the circle.
- When viewing a device group, the risk level or levels of the devices within it are indicated by red, orange, and yellow around the edge of the circle. The amount of each color is the proportion of devices at that risk level in relation to the overall number of devices in the group.
- When using the highlight tool to find devices with a particular attribute, a blue ring—or segment of a ring—appears within the edge of a group, its length indicating the proportion of devices with the highlighted attribute in the group. The longer the blue segment is, the more highlighted devices there are proportionally.
Risk Level
- The color for each risk level is identified.
Icons
- A green globe indicates that one or more devices in a group have connections to normal Internet sites.
- A red globe indicates that one or more devices have connections to malicious Internet sites.
- A three-pronged yellow icon indicates that there are one or more connections to off-map devices; that is, to devices that are on the local network but aren’t within the scope defined for this visualization map.
- A laptop icon indicates that one or more devices have connections to IP endpoints on the local network. An IP endpoint is the source or destination of a network connection for which IoT Security has learned an IP address but not a MAC address.
Map Management
In the Map Management section, you can control what types of devices and
connections to display on the map. By selecting and clearing their check boxes, you can
toggle the icons on and off on the map.
- Inner Connection: Select or clear the check box to show or hide inner connections, which are connections between devices in the same device grouping. Because connections between groups are typically of more interest, this is toggled off by default. To see inner connections, toggle on Inner connections.
- Device visualization maps sometimes include IP Endpoints, Off-map Devices, and Internet Connections (Normal and Malicious) whenever it’s necessary to show connections between devices defined within the scope of a visualization map and destinations outside that scope. Off-map devices (dark yellow shaded circles) and IP endpoints (gray shaded circles) are located in the local, private network, and Internet addresses are sites in the external public network (green shaded circles for normal sites and red shaded circles for malicious sites). An IP endpoint is a device for which IoT Security knows an IP address but not a MAC address. An off-map (out-of-scope) device is one for which IoT Security knows both an IP address and a MAC address but which is outside the map scope. As with other device groups, you can also drill into groups of off-map devices, IP endpoints, and Internet addresses. Click the group once to put it in focus and open an information panel. Click it twice to zoom into it and view its contents.