Key Space Explorer
A very common use case for network traffic and security analytics is to quickly do a spatial search for historical activity in an arbitrary range of keys.
Examples of spatial search
- Search for all Host IPs in an arbitrary range (a CIDR block such as 192.168.0.0/16 or a random range such as 192.168.2.10 ~ 192.168.2.20)
- Search for all Port activity in the range Port 1000 to Port 10000
- Search for all AS Numbers between 65536 and 500000
- Search for all Countries between codes AA and MM
— any range of this sort in any counter group
When you use the Keyspace Explorer app, you will select a counter group, then enter a range of Keys and the Metrics you are interested in. The results will be shown to you in the form of a Magic Map – a special type of Tree Map.
How to install?
- Log in as Admin. Select Web Admin > Manage > Apps > KeySpace Explorer
- Once you install the app, it will automatically get added to the dashboard
How to view the Magic chart?
- Log in as User. Select Dashboards > Show All > KeySpace Explorer.
- Select the “Counter Group” you want to analyze. For this example, let us select the Internal Hosts counter group
- In the “Key spaces” field, enter the range of IPs. You can enter the range in CIDR format (Example: 192.168.0.0/16) or as an arbitrary range which need not even map to a subnet (Example: 192.168.1.10~192.168.1.20)
- Select the required meters in the “Meters” field. Select Received and Transmit Traffic
- You can dynamically change the Time frame depending on the requirement in the “Time frame” field
The following information is displayed.
- The selected metrics for each IP found in the range. In this case, the total received and transmit traffic for each IP is shown
- You will get the list of IPs with the volume of the flow transmitted and received
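The two forms accepted in the “Key spaces” field, a CIDR block or a low~high range, both reduce to an inclusive pair of bounds. The added example below is not Trisul's code: it shows that reduction, the CIDR blocks an arbitrary range decomposes into, and a per-host total over the range. Function names and flow records are constructed for illustration.

```python
import ipaddress

# Constructed sample records: (host IP, received bytes, transmitted bytes)
SAMPLE_FLOWS = [
    ("192.168.1.9", 100, 50),
    ("192.168.1.10", 2000, 300),
    ("192.168.1.15", 500, 700),
    ("192.168.1.10", 1000, 200),
    ("192.168.1.20", 10, 20),
    ("192.168.1.21", 999, 999),
    ("10.0.0.5", 5, 5),
]

def parse_key_space(expr):
    """Return inclusive (low, high) bounds for a CIDR block or a 'low~high' range."""
    expr = expr.strip()
    if "~" in expr:
        low_s, high_s = (part.strip() for part in expr.split("~", 1))
        low, high = ipaddress.IPv4Address(low_s), ipaddress.IPv4Address(high_s)
        if low > high:
            raise ValueError(f"range start {low} is above range end {high}")
        return low, high
    net = ipaddress.IPv4Network(expr, strict=False)
    return net.network_address, net.broadcast_address

def covering_cidrs(expr):
    """List the minimal CIDR blocks that exactly cover the key range."""
    low, high = parse_key_space(expr)
    return [str(n) for n in ipaddress.summarize_address_range(low, high)]

def totals_in_range(records, expr):
    """Sum received/transmitted bytes per host for hosts inside the key range."""
    low, high = parse_key_space(expr)
    totals = {}
    for host, rx, tx in records:
        if low <= ipaddress.IPv4Address(host) <= high:
            prev_rx, prev_tx = totals.get(host, (0, 0))
            totals[host] = (prev_rx + rx, prev_tx + tx)
    return totals

if __name__ == "__main__":
    key_range = "192.168.1.10~192.168.1.20"
    print(covering_cidrs(key_range))
    for host, (rx, tx) in totals_in_range(SAMPLE_FLOWS, key_range).items():
        print(host, rx, tx)
```

The arbitrary range needs four separate CIDR blocks to express, which is why a range form is useful when the hosts of interest do not align to a subnet boundary.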
To learn more about Trisul apps: https://www.trisul.org/devzone/doku.php/apps
Here is a short video showing Key Space Explorer app at work