NetScaler MAS provides two dashboards, the Outbound Traffic Dashboard and User Dashboard. These dashboards display multiple charts that summarize the websites or applications accessed from the enterprise network and also the activities performed by the users in your network.
Outbound Traffic Dashboard
The Outbound Traffic Dashboard provides a summary of the URLs or Domains accessed from your network. It provides a holistic view of the all the URLs or Domains by number of transactions or data volume consumed by the URLs or Domains. It also provides details such as the following:
Amount of bandwidth consumed by the URLs or domains accessed from your network.
Number of transactions that occurred while accessing the URLs and domains from your network.
Number of SSL connections intercepted by the NetScaler SWG appliance during the transactions.
Number of SSL connections not intercepted by NetScaler SWG appliance during the transactions.
Number of SSL connections reset by the NetScaler SWG appliance during the transactions.
Amount of web traffic transmitted, based on the port used to transmit the traffic, the protocol used by the web traffic, and the client operating systems used to transmit the traffic.
To access the Outbound Traffic Dashboard, navigate to Applications > Outbound Traffic Dashboard.
View the Outbound Traffic from the Network
The Outbound Traffic Dashboard includes an Outbound Traffic Overview pane. In the Outbound Traffic Overview pane, NetScaler MAS groups the accessed URLs or domains into categories, such as Shopping, News, Social Networking, and so on. The Outbound Traffic Overview pane displays the URLs or domains accessed from your network as nodes in the URL categories. The nodes are sized according to the data volume consumed by accessing the URL or domain. The color of the node indicates the number of transactions that occurred while accessing the URL or domain.
You can click on a category to filter the charts to display details related the category for the specified time frame.
The User Dashboard displays a summary of the activities performed by the users in your enterprise. It provides key metrics that you can use to determine the following:
Browsing behavior of users in your enterprise.
URL categories accessed by the users in your enterprise.
Top five users, based on their risk scores and the bandwidth they consume. For more information about risk score, see Risk Score.
Browsers used to access the URLs or domains.
Amount web traffic generated by the users, based on the traffic reputation score.
To access the User Dashboard, navigate to Users > Dashboard.
You can click on a user in the Top Users pane to filter the charts to display details of the web activity performed by the user in the specified time frame.
User Activity Investigator
The User Dashboard includes a User Activity Investigator pane displaying various web activities performed by the users. It shows the URL categories accessed by the users during the selected time frame, and various events triggered per URL category. You can click on the events to get the transaction level details.
The User Activity Investigator displays key information such as browsing behavior of the user, high risk activity by the user, and triggered events, per URL category. The events are shown as rectangular legends on the chart. Each of the legends is aggregated at one-minute intervals if the selected duration is one hour, and at one-hour intervals if the selected duration is one day.
These legends are aggregated, and are color coded according to the number of events that have occurred. You can hover your mouse pointer on a legend to show details such as time and the number of events aggregated for the selected legend. You can customize the time period of the graph by selecting a time from the time-period drop down.
You can click on the events to further drill down for the details of the transactions.
The User Transactions page displays the details of the user transactions in your network. It provides transaction-level details such as:
Time at which the transaction occurred
Protocol used for the transaction
Domain that was accessed by the user
Proxy server used to intercept the transaction
Client port details
The Summary Panel displays all the metrics of the transactions that are visible in the Transaction Details pane. This panel enables you to sort and view the transactions in the Transaction Details pane by selecting or deselecting the metrics. The Summary Panel displays the following metrics:
|Protocols||Protocols used in the transactions|
|Ports||Ports used for the transactions|
|URL Reputation||URL reputation score|
|Browsers||Browsers used for the transactions|
|Operation System||Operating system used for the transactions|
|Bytes In||Amount of data received through the NetScaler SWG Appliance.|
|Bytes Out||Amount of data sent through the NetScaler SWG Appliance.|
Risk Score is a scoring system used in NetScaler MAS to determine the risks associated with users in your enterprise. NetScaler MAS assigns a risk score based on the URL reputation score assigned by the NetScaler SWG appliance for the URLs accessed by the users in your network. For information on URL reputation score, see URL Reputation Score. The following table describes the Risk Scores assigned by NetScaler MAS.
|1||The web activity of the user has no perceived threat or is not abnormal.|
|2||The web activity of the user has no perceived threat or is not abnormal, but the user is accessing “Unknown Sites,” which do not have URL reputation scores.|
|3||No threat is detected in the web activity of the user, but the user has attempted to access sites that are potentially vulnerable or affiliated with sites that are potentially vulnerable.|
|4||Potentially compromised user.|
|5||The web activity of the user is abnormal and the user has accessed known malicious sites.|