Skip to main content

Visualizer

Introduction

The alerts page will provide a detailed analysis of the threats to your network. Here, we are going to talk about the Visualizer. It offers two main perspectives: a Summary view and an Extended view.

Usage

Summary View

The Summary view presents a synthesis of critical information that allows for quick identification of trends and essential points of network security:

  • Most Active IPs: Identify the IP addresses that generate the most alerts.
  • Common Attack Scenarios: Discover the most frequent types of attacks and the tactics used by attackers.
  • Target Security Engines: Specify the Security Engines that are the focus of the attacks.
  • Source AS: Determine the Autonomous Systems responsible for originating the network traffic.

Alerts Summary

Extended View

The Extended view provides in-depth analysis through interactive visualizations. Each section displays the top ten in each category. Opening the bar chart will display all related info.

Alerts extended

Good to know

Numerous items on the page have multiple actions available when clicking on them. For example, clicking on an IP can:

  • Open the CrowdSec CTI to get more information related to IP behavior on our network
  • Filter on all the alerts triggered by this IP alone.
  • Exclude this IP from the current page filters. Helpful when doing tests and your IP could be displayed.
  • Copy the following IP in your clipboard.

Alerts actions

Navigation through the view can be easily accomplished using the button above.

Alerts actions

CrowdSec ConsoleCrowdSec Console