40. Reports » IP Addresses & Groups¶
This chapter explains how to generate detailed traffic reports for any IP address, block, or group found in Network & Policy » [IP Zone].
Reports » IP Addresses allows you to quickly generate traffic reports for IP addresses and blocks, which can be entered manually on the upper side of the panel or selected from the expandable tree below.
Reports » IP Groups lists IP groups defined in IP Zones. Select an IP group to generate a traffic report for all IP blocks belonging to it. To search for a specific IP group, enter a sub-string contained in its name at the top of the panel.
Each traffic report tab has sub-tabs along the bottom. These sub-tabs share common toolbar fields:
● Sensor Interfaces – Choose the Sensor Interfaces of interest. Administrators may limit which Sensors guest accounts see● Time Range – Select a predefined time range or Custom… to specify a particular interval
Note
The stored data is subject to the General Settings » Data Retention policy, so older data may no longer be available.
40.1. IP Dashboard¶
Here you can group the most relevant data collected for the chosen Sensor Interfaces and the selected IP address, block, or group. This dashboard’s configuration isn’t tied to a specific IP address, block, or group, so any changes you make also appear in other IP dashboards. The basics of dashboard operation are covered in Reports » Dashboards.
40.2. IP Graphs¶
You can generate IP graphs only for the IP addresses, blocks, and groups explicitly defined in your IP Zone(s) or that belong to a subnet with the IP Graphing parameter enabled.
● Decoders – Choose which decoders interest you. Add more decoders in General Settings » Graphs & Storage if needed● Data Unit – Pick your desired data unit● Size – Choose a preset dimension or enter a custom size as “<X> x <Y>” where <X> and <Y> are the horizontal/vertical pixel counts● Title – Enter your own text as the title, or select one of these options:• Auto – Automatically generated title• None – No title● Legend – Select how detailed the legend should be● Consolidation – Graph consolidation reduces data resolution by averaging, minimizing, or maximizing values over fixed time intervals, optimizing visualization while maintaining overall trends:• MAXIMUM – Shows peak spikes• AVERAGE – Displays average values• MINIMUM – Focuses on lower values● Direction – Select how to show the traffic direction:• Both – Graph inbound (+ Y-axis) and outbound (– Y-axis)• Swap – Swap inbound/outbound• Inbound – Only inbound• Outbound – Only outbound● Grouping• Sensor Interfaces – Creates a single graph for all selected interfaces• Subnet IPs – Uncheck to generate a separate traffic graph for each IP in a block or group (not recommended for large subnets)● Stacking• Decoders – Stack multiple decoders’ data• Sensor Interfaces – Stack data for multiple Sensor Interfaces● Permissions• Permit Conflicting Decoders – If decoders can nest (e.g., TCP contains HTTP), stacking them reveals the most specific decoder. When selecting TCP and HTTP, TCP becomes “TCP OTHER” (showing non-HTTP TCP), while HTTP is shown in full. If you also select TCP+SYN, it may overlap HTTP traffic, causing a conflict (since TCP+SYN can appear in HTTP). Check this option to disable conflict detection for more intuitive (but potentially less accurate) graphs. Uncheck it for more accurate separation, at the risk of less intuitive stacking• Use Per-IP Data – Creates a subnet graph by aggregating IP-graph data for every IP in a block/group. On large subnets, this can be very resource-intensive. Only use if the subnet isn’t explicitly defined in the IP Zone, but is part of a larger defined subnet with IP Graphing enabled
40.3. IP Accounting¶
You can generate IP accounting reports only for IP addresses, blocks, or groups explicitly defined in your IP Zone(s), or belonging to a subnet with IP Accounting enabled.
● Decoders – Choose which decoders interest you. Add more decoders in General Settings » Graphs & Storage if needed● Data Unit – Pick your desired data unit● Report Interval – The minimum accuracy is Daily. Even if you pick a smaller range, you’ll still see the entire day’s accounting data● Direction – Show both directions or just one (Inbound or Outbound)● Group Sensor Interfaces – Generates a single traffic accounting report for multiple Sensor Interfaces● Show IPs – Check to see each IP in the selected block or group in the accounting report. Enabling this also activates the option below● Use Per-IP Data – Aggregates IP accounting data for every IP in the block/group. Can be very resource-intensive on large subnets. Only use when the block/group itself isn’t explicitly defined in the IP Zone but is part of a larger subnet with IP Accounting enabled● Display Raw Values – Shows values without metric prefixes (e.g., 1000000 instead of 1M)
40.4. Anomaly Overview¶
Generates a report with trends and summaries of traffic anomalies for the selected IP address, block, or group.
40.5. Profile Graphs¶
Displays traffic profiling graphs for the chosen IP block or host. Traffic profiling may be disabled in General Settings » Anomaly Detection. The Sensor only creates profile graphs for IP blocks/hosts with Profiling Data set to Subnet, IPs, or Subnet + IPs in the IP Zone.
40.6. Flow Records¶
Lists and filters flow data for the selected Flow Sensor Interfaces and IP block/host/group. These options are described in Reports » Tools » Flows. Visible only if at least one Flow Sensor is active.