Source IP Visibility Overview
Starting in Junos Space Security Director Release 16.1, you can use the Source IP Visibility page to view information related to bandwidth consumption, session establishment, and the risks associated with the source IP addresses.
There are two ways to view your data. You can select either the Chart View link or Grid View link. The top 50 source IP addresses are displayed for a time span of one day, by default.
Chart View Overview
Click the Chart View link for a brief summary of the top 50 source IP addresses consuming the maximum bandwidth in your network. The data can be presented graphically as a bubble graph, heat map, or zoomable bubble graph. The data is refreshed automatically based on the selected time range.
You can hover over the source IP addresses to view critical information such as total number of sessions, total bandwidth consumption, and top five applications, bandwidth consumption, and sessions for each application. To view all the applications of an IP address, click View All Applications.
By default, the data is shown in the chart view. Table 1 shows the different filters you can use to view the source IP address data in chart view.
Table 1: Source IP Visibility—Filters in Chart View
By default, data is shown for all the devices in the network. Click Edit to select root devices, Logical Systems (LSYS) devices, or Tenant Systems (TSYS) devices to view the result.
Select the following options from the list to view the source IP address data:
Select the required time range from the list to view the source IP address data.
Use the Custom option to choose the time range if you want to view data for more than one day. The date range is from 00:00 hours to 23:59 hours.
Select the way you want to view the source IP address data:
By default, data is shown in the bubble graph format.
Grid View Overview
Click the Grid View link for comprehensive details of source IP addresses. You can view top source IP addresses by volume and top applications by volume. You can also view the data in a tabular format that includes sortable columns. You can sort the source IP addresses in ascending or descending order. Use the widgets to get an overall, high‐level view of your source IP addresses. You can use the detailed view to get more information about the applications, source IP addresses, and content traversing your network.
The column width, sort order, and column index are continual. The next time you log in, they will be right where you left them.
Table 2: Source IP Visibility—Widgets in Grid View
Top IPs By Volume
Lists top five IP addresses sorted by their bandwidth consumption.
Top Apps By Volume
Lists top five applications being accessed in your network for the specified time range.
Table 3: Source IP Visibility—Detailed View
Shows the source IP addresses.
Shows the bandwidth consumption of the source IP address.
Shows the number of sessions of the source IP address. Click this field to see the logs that contributed to these sessions, in the All Events page.
Shows all the applications used by the source IP address. Click the application to see a detailed view of the applications in the Application Visibility page.
You can invoke the block workflow for any source IP from the grid view.
To invoke the block workflow for a source IP address, you can perform one of the following tasks:
- Select a source IP address and click Block IP. The Block page appears.
- Select a source IP address and click Block User. The Block Users page appears.
- Select a source IP address, and then select the required applications from the Top 5 Applications field and click Block Application(s). The Block Application page appears.