Keyspace Explorer – a Trisul App for spatial searches

Key Space Explorer

 

A very common use case in network traffic and security analytics is to quickly do a spatial search for historical activity in an arbitrary range of keys.

Examples of spatial search

  • Search for all Host IPs in an arbitrary range (a CIDR block such as 192.168.0.0/16 or a random range such as 192.168.2.10 ~ 192.168.2.20)
  • Search for all Port activity in the range Port 1000 to Port 10000
  • Search for all AS Numbers between 65536 and 500000
  • Search for all Countries between codes AA and MM
  • Any range of this sort in any counter group

When you use the Keyspace Explorer app, you will select a counter group, then enter a range of Keys and the Metrics you are interested in. The results will be shown to you in the form of a Magic Map – a special type of Tree Map.

How to install?

  • Log in as Admin. Select Web Admin > Manage > Apps > KeySpace Explorer
  • Once you install the app, it will automatically get added to the dashboard

How to view the Magic chart?

  • Log in as User. Select Dashboards > Show All > KeySpace Explorer.
  • Select the “Counter Group” you want to analyze. For this example, let us select the Internal Hosts counter group
  • In the “Key spaces” field, enter the range of IPs. You can enter the range in CIDR format (Example: 192.168.0.0/16) or as an arbitrary range which need not even map to a subnet (Example: 192.168.1.10~192.168.1.20)
  • Select the required meters in “Meters” field. Select Received and Transmit Traffic
  • You can dynamically change the Time frame depending on the requirement in the “Time frame” field

The following information is displayed.

  1. For each IP found in the range, the metrics selected. In this case, the total received and transmit traffic for each IP is shown
  2. You will get the list of IPs with the volume of the flow transmitted and received
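
Both key space formats described above, a CIDR block and an arbitrary start~end range, reduce to an inclusive interval of keys. The following Python is an added example, not Trisul code and not using any Trisul API; the function names and the sample records are constructed for illustration. It also shows how many CIDR blocks the arbitrary range would need if only subnet notation were available.

```python
import ipaddress
from collections import defaultdict

def parse_keyspace(spec):
    """Return (lo, hi) inclusive integer bounds for a CIDR block or 'a~b' range."""
    spec = spec.strip()
    if "~" in spec:
        lo_s, hi_s = (p.strip() for p in spec.split("~", 1))
        lo, hi = int(ipaddress.IPv4Address(lo_s)), int(ipaddress.IPv4Address(hi_s))
    else:
        net = ipaddress.IPv4Network(spec, strict=False)
        lo, hi = int(net.network_address), int(net.broadcast_address)
    if lo > hi:
        raise ValueError(f"range start is above range end: {spec}")
    return lo, hi

def covering_cidrs(spec):
    """CIDR blocks needed to cover the key space exactly."""
    lo, hi = parse_keyspace(spec)
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))]

def totals_in_keyspace(records, spec):
    """Sum received/transmitted bytes per host whose IP falls inside the key space."""
    lo, hi = parse_keyspace(spec)
    totals = defaultdict(lambda: {"rx": 0, "tx": 0})
    for ip, rx, tx in records:
        if lo <= int(ipaddress.IPv4Address(ip)) <= hi:
            totals[ip]["rx"] += rx
            totals[ip]["tx"] += tx
    return dict(totals)

# Constructed sample records: (host IP, bytes received, bytes transmitted)
SAMPLE = [
    ("192.168.1.9", 100, 50),
    ("192.168.1.10", 4000, 1200),
    ("192.168.1.15", 800, 300),
    ("192.168.1.15", 200, 700),
    ("192.168.1.20", 10, 10),
    ("192.168.1.21", 999, 999),
    ("10.0.0.5", 5000, 5000),
]

if __name__ == "__main__":
    for spec in ("192.168.0.0/16", "192.168.1.10~192.168.1.20"):
        print(spec, "->", covering_cidrs(spec))
        for ip, t in sorted(totals_in_keyspace(SAMPLE, spec).items()):
            print(f"  {ip:15} rx={t['rx']:6} tx={t['tx']:6}")
```

The range 192.168.1.10~192.168.1.20 needs four separate CIDR blocks to cover exactly, which is why a range that does not map to a subnet is convenient when scoping a search to a specific group of hosts.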

To learn more about Trisul apps : https://www.trisul.org/devzone/doku.php/apps

 


Here is a short video showing Key Space Explorer app at work