Visibility and Traffic Analytics

The Elisity Cognitive Trust platform provides rich policy and traffic telemetry while also offering effective search and filtering functionality for day two operations.

With Elisity, an administrator can monitor log-on/log-off events, visualize user/device/application traffic flows, troubleshoot policy consumption and violations, and quickly analyze system events and logs.

Cloud Control Center Overview

The overview page is a dashboard populated with visibility widgets such as current users, devices, policies, sites, and more. This interactive overview offers a centralized view of the network environment. Designed for clarity and ease of use, it presents essential data points and metrics, allowing users to understand and navigate their network's current status swiftly.

An administrator might find the overview page helpful because it indicates how many new users, devices, and sites have been discovered or created, and showcases high-level statistics on deployed policies, sites, and VENs.

 

Components of the Overview Page:

  1. Count Metrics: At the top, users can see a clear count of users, devices, sites, and policies. Additionally, any newly added users or devices from the last 24 hours are indicated, providing a quick understanding of recent network changes.

  2. Device Breakdown: This section lists devices and allows users to filter the list by type or vendor. This makes it easier to view and categorize the variety of devices in the environment.

  3. Site Analysis: Users can view a list of top sites. The list is filterable, providing options to organize by the number of devices or users present at each site.

  4. Virtual Edge Nodes Overview: Here, the top Virtual Edge Nodes, which are critical policy enforcement points in the network, are displayed.

  5. Policy Group Metrics: The page presents a breakdown of the top policy groups. Users can filter this section either by the number of devices associated with each group or by the number of policies.

  6. Interactive Filtering: A notable functionality of the page is its dynamic filtering. When one section is filtered, the other sections adjust to display data relevant to the applied filter.

Purpose and Usefulness:

The interactive overview page serves as an informational hub for those managing or monitoring the network. It aims to:

  • Provide Quick Updates: With clear counts and indications of new users or devices, users receive immediate updates on the network's status.

  • Facilitate Navigation: Filtering options across sections allow for more manageable and targeted navigation. For example, if a user wants data related to a specific device type, the dynamic filtering ensures other sections display only relevant information.

  • Offer Clear Breakdowns: The different sections, whether it's device breakdown or site analysis, offer clear, structured views of the network components, making it easier to interpret and understand the data.

In a nutshell, the Elisity platform's overview page acts as a transparent, comprehensive window into the network environment, facilitating a more informed and efficient management process.

 


 

Cloud Control Center Analytics

When it is time to dive deeper into the telemetry collected by Cloud Control Center, an administrator can navigate to the Analytics page to discover an abundance of data presented in an easily digestible format.

 

Flow Records

The Flow Records tab provides a historical record of every single flow observed on your network. At the top, a summary of flow records over time is presented in a bar graph format. Below the summary, you will find a list of the flow details. By default, this includes Start and End Times, Source and Destination addresses, URL, Application Protocol and Ports, Traffic in bytes, and Source/Destination Nodes. Make sure to scroll across the list to see the entire dataset. Columns of data can be added and removed by selecting the column modifier at the top right of the list. You can also modify the time window so that only flow records within the specified period are shown.


 

Flow View

Flow View represents traffic analytics in a categorical, real-time table aimed at providing critical details about flow records as they happen. Both Flow Records and Flow View show the same traffic analytics, but in a different representation. The Flow View shows types of flows such as completed, denied, or long-running flows. You can modify the table columns just as you can in Flow Records, but with additional default filters based on the type of flow. 

 


 

Filtering Traffic Flows 

Elisity offers two methods for filtering traffic flows: click-through analytics for assets and Policy Group intersections, and manually created filters.

Click-Through Analytics

When viewing Asset Details for any User or Device in your inventory, you will see an icon underneath the asset name labeled "analytics." Clicking on this button will open the analytics page, with a filter automatically created that only shows flows that pertain to the asset. You can use this as a starting point, and layer additional filters to reveal granular traffic analytics that can be crucial in Policy decision-making.


 

 

To view detailed analytics between Policy Groups, you can navigate to the Policy Matrix, click "Show Traffic Flows," click any cell, and click "Show Analytics." This will again take you to the analytics page with a pre-generated filter that shows only flows between your source and destination PGs. Again, you can use this as a starting point and add additional filters to narrow down search results to exactly what flows you are investigating. 

 

Custom Analytics Filters

You can also create custom filters using the custom filter tool in the analytics dashboard. This applies to both Flow Records and Flow View. You can filter your source and destination assets using nearly any criteria you can imagine such as device type, user name, IP address, node name, and much more. You can either click on some of the pre-defined options or you can type in a custom filter. 

Use the following format to build custom filters:

  • Type "src." for source or "dst." for destination into the text bar, and a list of options will populate. Do NOT click on an option; instead, continue typing out the filter as it appears in the suggestions. End the filter with a ":" character and continue typing the specific asset or group name. Once you see the specific asset or group appear, you can click on the option and continue building additional filters. Once you have built your filters, click the "search" icon to the right.
    • example:
      • src.pgName:USER_Radiologist
      • dst.assetType:USER
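
An offline model of the filter format above, added here as an example and not Elisity code: it parses `src.`/`dst.` filters and applies them to constructed flow records, which helps when checking which flows a filter set should return before relying on it for a policy decision. The nested record layout, exact-match comparison, and AND-combination of multiple filters are assumptions; only `pgName` and `assetType` come from this page.

```python
import re

# Shape described on this page: "src." or "dst.", a field name, ":", a value.
# The field name cannot contain ":", so values such as IPv6 addresses survive.
FILTER_RE = re.compile(r"^(src|dst)\.([A-Za-z][A-Za-z0-9]*):(.+)$")


def parse_filter(text):
    """Split one filter string into (side, field, value) or raise ValueError."""
    m = FILTER_RE.match(text.strip())
    if not m:
        raise ValueError(f"not in side.field:value form: {text!r}")
    side, field, value = m.groups()
    return side, field, value.strip()


def matches(flow, filters):
    """True when the flow satisfies every filter (AND is an assumption here)."""
    for side, field, value in filters:
        if str(flow.get(side, {}).get(field, "")) != value:
            return False
    return True


def select_flows(flows, filter_strings):
    """Parse every filter first so a malformed one fails before any matching."""
    filters = [parse_filter(s) for s in filter_strings]
    return [f for f in flows if matches(f, filters)]


# Constructed sample records; this src/dst layout is hypothetical.
SAMPLE_FLOWS = [
    {"id": 1, "src": {"pgName": "USER_Radiologist", "assetType": "USER"},
     "dst": {"pgName": "DEV_Imaging", "assetType": "DEVICE"}},
    {"id": 2, "src": {"pgName": "USER_Radiologist", "assetType": "USER"},
     "dst": {"pgName": "USER_Billing", "assetType": "USER"}},
    {"id": 3, "src": {"pgName": "DEV_Imaging", "assetType": "DEVICE"},
     "dst": {"pgName": "USER_Billing", "assetType": "USER"}},
]

if __name__ == "__main__":
    wanted = ["src.pgName:USER_Radiologist", "dst.assetType:USER"]
    print([f["id"] for f in select_flows(SAMPLE_FLOWS, wanted)])
```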


Cloud Control Center Events and Logs

The Events and Logs dashboard in Cloud Control Center gives visibility into all administrative events that occur in Cloud Control Center. From user login, to Policy Group modifications, to Policy deployments or deletions, this is where you can find a log of all activity in Cloud Control Center. Audit logs show changes made by any user in Cloud Control Center, such as policy modifications, while event logs show events that occurred that were not necessarily the result of user configuration, such as device attachments or asset classification.

 


 

Leveraging Traffic Flow Analytics

Cloud Control Center offers a considerable amount of information to help with troubleshooting both connectivity and policy effectiveness in an Elisity-secured network. A good place to start is the Traffic Flow Visualization Matrix. Here we can see observed traffic flows including which protocol was observed and the number of flows, traffic flows blocked by policy, and what policy is in place, if any. 


Clicking on any observed traffic shows the specific traffic flows that have been observed, and clicking add policy will automatically create a policy for the protocols that were observed which you can then customize to create a very granular policy.


 

Exporting User and Device Data

Elisity can be an incredible source of truth for users and devices on the corporate network. Through integration with Active Directory and native device discovery, Elisity retains a comprehensive database of all users and devices on the network and their attributes. 

In some scenarios you may want to filter and export this data into an Excel spreadsheet. 

 

To export all User data, click the Export icon and select Export All Data.

 

You can also export only filtered data by clicking the Export icon and selecting Export Filtered Data. Today you can filter Users via column data or via Site. 

 

All Devices can also be exported by selecting the Export icon and then by selecting Export All Data.

 

You can also export only filtered data by clicking the Export icon and selecting Export Filtered Data. Use the Filter button to select the column you want to filter and input the filter string. 

 
