Real Time Stabbers
Real time stabbers allow you to monitor various types of network activity within a 5 second delay.
A Real Time Stabber is a tool that allows you to get instant visibility into selected network traffic. The inspiration comes from the thermometer you stab into a piece of cake in the oven to check its temperature.
- Key Traffic Stabber
Graphs network traffic of any item in real time. Example : Plot transmitted and received traffic of your mail server.
- Counter Group Stabber
Shows most active items in any counter group. Example : Show most active applications by total traffic.
- Flow Stabber
Currently active flows for a host or port. Example : Show flows for IP 10.18.10.10
- Alert Stabber
Real time animated view of all alert activity in your network.
- Websockets This feature requires a Websockets capable browser.
- LocalStorage Real time stabbers make extensive use of HTML5 local storage.
- Firewall Websockets feed arrive on TCP port 3003, open this on your firewall.
There are three ways to access real time stabbers.
1. From the context menu in any module
- Click on the little tag symbol beside any item to bring up the contextual menu
- Select a real time stabbers from the choices shown
2. From any key dashboard
Lets say you are investigating an arbitrary item using the Key Dashboard
- Click on a Real Time Stabbers from the menu as shown below
3. From the menu
- Select a counter group
- Select one or more meters
- A set of stabber windows each corresponding to top activity of the meters selected is shown
Key Traffic StabberTop
Use this to continuously monitor traffic (bandwidth) used by a particular item with a 5-second delay.
- zoom – select a time interval with mouse
- pan – ctrl + mouse
- smoothen – enter a number -say 5 or 10 in the box
Counter Group StabberTop
Top users of any counter group with a 5-second delay.
The image below shows a counter group stabber viewing top
Internal Hosts based on the meter
Real time flow activity for any host or port.
- This is a live view, as each flow progresses the numbers update in real time.
A real time view into all IDS alert activity in your network. As new alerts come in they are animated and then transitioned onto the real time visualization.
- Live view optimized to handle large volumes
- Interactive bubbles allow you to sift through different alert types
- Real time aggregated list gives you instant overview