Discover the Destination of Your Data Center Traffic with IBM SevOne

By Carlo Lattanzi posted Thu June 13, 2024 03:58 AM

Did you know you can identify the destination countries of the data generated from your data center?

IBM SevOne enriches NetFlow data with detailed information such as the country of origin, SaaS name, SaaS type, and more. This capability allows you, for example, to determine whether your internet connection is saturated because employees are participating in Teams meetings, watching YouTube videos, or downloading massive Microsoft Office updates.

Recently, a customer approached us with concerns about enhancing network security and observability. They had experienced a data exfiltration incident, which they discovered too late. This raised the question: why not use IBM SevOne NetFlow monitoring to better control where the traffic is going?

We initiated tests in the lab and examined the country of origin of the internet-bound traffic. We discovered some interesting activity generated by an internet-purchased camera. Given that the camera brand was from Asia, traffic directed towards China was expected, but traffic to other destinations raised concerns.

Below is a simple example of how to create a report in just a few minutes using a cascade of filters: Country > Internal IP > External IP > Flow Traffic Diagram.

How to Create Comprehensive Traffic Reports with IBM SevOne

Curious about how to create detailed traffic reports? Let’s walk through it together!

Step 1: Create Views in the Flow Falcon View Editor

  • Destination Country and Bandwidth View
    • Open the Flow Falcon View Editor inside IBM SevOne NMS.
    • Create a view that shows only the destination country and bandwidth.

  • Source IP, Destination Country, and Bandwidth View
    • Create a second view displaying the source IP, destination country, and bandwidth. 

  • Source IP, Destination IP, Destination Country, and Bandwidth View
    • Create a third view showing the source IP, destination IP, destination country, and bandwidth.

Step 2: Build the Report in IBM SevOne Data Insight

  • Create a New Report
    • Go to IBM SevOne Data Insight and create a new report.
    • Add a flow widget to the report.

  • Add the First Flow Widget
    • In the widget, select the resource device & interface and choose the first Flow view (Destination Country and Bandwidth).
    • Change the chart type to a table.

  • Link and Add Additional Flow Widgets
    • Link the first widget to another flow widget by clicking the "+" on the widget you just created and selecting the “Flow” option.
    • Repeat the process, selecting the second view (Source IP, Destination Country, and Bandwidth) for the second widget.
    • Repeat once more for the third view (Source IP, Destination IP, Destination Country, and Bandwidth).

  • Create a Visualization Widget
    • Add a fourth widget, but this time, set the visualization type to a line chart.

Et voilà, you have your “country of origin” traffic report!
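The same Country > Internal IP > External IP cascade, as an added Python example that is not SevOne's code: constructed flow records and a constructed prefix-to-country table stand in for SevOne's NetFlow enrichment, internal (RFC 1918) destinations get the '??' country seen in the report, and a per-source list of expected countries flags the kind of unexpected destination the camera produced.

```python
# Added example, not IBM SevOne code. Builds the three report tables
# (country; source IP + country; source IP + destination IP + country)
# from constructed flow records and flags unexpected destination countries.
import ipaddress
from collections import defaultdict

# Constructed prefix-to-country lookup (documentation ranges only);
# SevOne uses its own enrichment data instead.
COUNTRY_BY_PREFIX = {"203.0.113.0/24": "CN", "198.51.100.0/24": "US", "192.0.2.0/24": "DE"}
NETS = [(ipaddress.ip_network(p), c) for p, c in COUNTRY_BY_PREFIX.items()]
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def country_of(ip):
    """Map a destination IP to a country code; internal or unknown addresses get '??'."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return "??"  # internal destination, no country (the '??' rows in the report)
    for net, country in NETS:
        if addr in net:
            return country
    return "??"


# Constructed flow records (src_ip, dst_ip, bytes); 10.0.0.50 plays the camera.
FLOWS = [
    ("10.0.0.50", "203.0.113.10", 5_000),
    ("10.0.0.50", "192.0.2.7", 120_000),
    ("10.0.0.20", "198.51.100.5", 40_000),
    ("10.0.0.20", "10.0.0.1", 3_000),
]


def cascade(flows):
    """Return the three tables keyed the way the three Flow Falcon views are."""
    by_country = defaultdict(int)
    by_src_country = defaultdict(int)
    by_src_dst_country = defaultdict(int)
    for src, dst, nbytes in flows:
        c = country_of(dst)
        by_country[c] += nbytes
        by_src_country[(src, c)] += nbytes
        by_src_dst_country[(src, dst, c)] += nbytes
    return dict(by_country), dict(by_src_country), dict(by_src_dst_country)


def unexpected(flows, expected):
    """List (src, dst, country, bytes) where a source talks to a country outside its expected set."""
    _, _, detail = cascade(flows)
    return [(s, d, c, b) for (s, d, c), b in detail.items()
            if c != "??" and c not in expected.get(s, set())]
```

Run with `print(unexpected(FLOWS, {"10.0.0.50": {"CN"}, "10.0.0.20": {"US"}}))` to see the camera's traffic to the unexpected country singled out while its expected destination is not.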

Comments

23 days ago

They are all internal IPs

Wed June 19, 2024 04:06 PM

Thanks for sharing! Interesting use case. I would be curious to know the application and IPs associated with country '??' in the sample reports.