Application Delivery Management

Dashboards

May 24, 2018

Citrix Application Delivery Management (ADM) provides two dashboards, the Outbound Traffic Dashboard and User Dashboard. These dashboards display multiple charts that summarize the websites or applications accessed from the enterprise network and also the activities performed by the users in your network.

Outbound Traffic Dashboard

The Outbound Traffic Dashboard provides a summary of the URLs or Domains accessed from your network. It provides a holistic view of the all the URLs or Domains by number of transactions or data volume consumed by the URLs or Domains. It also provides details such as the following:

  1. Amount of bandwidth consumed by the URLs or domains accessed from your network.

  2. Number of transactions that occurred while accessing the URLs and domains from your network.

  3. Number of SSL connections intercepted by the Citrix SWG appliance during the transactions.

  4. Number of SSL connections not intercepted by Citrix SWG appliance during the transactions.

  5. Number of SSL connections reset by the Citrix SWG appliance during the transactions.

  6. Amount of web traffic transmitted, based on the port used to transmit the traffic, the protocol used by the web traffic, and the client operating systems used to transmit the traffic.

To access the Outbound Traffic Dashboard, navigate to Applications > Outbound Traffic Dashboard.

localized image

View the Outbound Traffic from the Network

The Outbound Traffic Dashboard includes an Outbound Traffic Overview pane. In the Outbound Traffic Overview pane, Citrix ADM groups the accessed URLs or domains into categories, such as Shopping, News, Social Networking, and so on. The Outbound Traffic Overview pane displays the URLs or domains accessed from your network as nodes in the URL categories. The nodes are sized according to the data volume consumed by accessing the URL or domain. The color of the node indicates the number of transactions that occurred while accessing the URL or domain.

localized image

You can click on a category to filter the charts to display details related the category for the specified time frame.

User Dashboard

The User Dashboard displays a summary of the activities performed by the users in your enterprise. It provides key metrics that you can use to determine the following:

  1. Browsing behavior of users in your enterprise.

  2. URL categories accessed by the users in your enterprise.

  3. Top five users, based on their risk scores and the bandwidth they consume. For more information about risk score, see Risk Score.

  4. Browsers used to access the URLs or domains.

  5. Amount web traffic generated by the users, based on the traffic reputation score.

To access the User Dashboard, navigate to Users > Dashboard.

localized image

You can click on a user in the Top Users pane to filter the charts to display details of the web activity performed by the user in the specified time frame.

User Activity Investigator

The User Dashboard includes a User Activity Investigator pane displaying various web activities performed by the users. It shows the URL categories accessed by the users during the selected time frame, and various events triggered per URL category. You can click on the events to get the transaction level details.

The User Activity Investigator displays key information such as browsing behavior of the user, high risk activity by the user, and triggered events, per URL category. The events are shown as rectangular legends on the chart. Each of the legends is aggregated at one-minute intervals if the selected duration is one hour, and at one-hour intervals if the selected duration is one day.

localized image

These legends are aggregated, and are color coded according to the number of events that have occurred. You can hover your mouse pointer on a legend to show details such as time and the number of events aggregated for the selected legend. You can customize the time period of the graph by selecting a time from the time-period drop down.

You can click on the events to further drill down for the details of the transactions.

User Transactions

The User Transactions page displays the details of the user transactions in your network. It provides transaction-level details such as:

  1. Time at which the transaction occurred

  2. Protocol used for the transaction

  3. User name

  4. Domain that was accessed by the user

  5. URL category

  6. Proxy server used to intercept the transaction

  7. Client port details

  8. Bytes In

  9. Bytes Out

    localized image

Summary panel

The Summary Panel displays all the metrics of the transactions that are visible in the Transaction Details pane. This panel enables you to sort and view the transactions in the Transaction Details pane by selecting or deselecting the metrics. The Summary Panel displays the following metrics:

Metrics Description
Protocols Protocols used in the transactions
Ports Ports used for the transactions
URL Reputation URL reputation score
Browsers Browsers used for the transactions
Operation System Operating system used for the transactions
Bytes In Amount of data received through the Citrix SWG Appliance.
Bytes Out Amount of data sent through the Citrix SWG Appliance.

Risk Score

Risk Score is a scoring system used in Citrix ADM to determine the risks associated with users in your enterprise. Citrix ADM assigns a risk score based on the URL reputation score assigned by the Citrix SWG appliance for the URLs accessed by the users in your network. For information on URL reputation score, see URL Reputation Score. The following table describes the Risk Scores assigned by Citrix ADM.

Risk Score Description
1 The web activity of the user has no perceived threat or is not abnormal.
2 The web activity of the user has no perceived threat or is not abnormal, but the user is accessing “Unknown Sites,” which do not have URL reputation scores.
3 No threat is detected in the web activity of the user, but the user has attempted to access sites that are potentially vulnerable or affiliated with sites that are potentially vulnerable.
4 Potentially compromised user.
5 The web activity of the user is abnormal and the user has accessed known malicious sites.
Dashboards