Traffic View in the Policy Matrix

The Traffic Details View allows you to analyze detailed traffic between Policy Groups directly from the Policy Matrix. This view provides visibility into observed traffic, including protocols, statuses, services, and other metrics that can inform your policy decisions. Here's how to navigate and use this feature effectively.

Accessing Traffic Details

  1. Navigate to the Policy Matrix by selecting Policies > Policies and clicking the matrix icon.

  2. Click Show Traffic View on the lower right menu. Click to view the legend for traffic.

Filtering Traffic

You can select Time Frame filters, View Options, or Custom Filters for filtering traffic.

Time Frame Filters

Traffic on the Policy Matrix can be filtered to show only traffic for the last hour (hourly), the last 24 hours (daily), the last 7 days (weekly), or the last month (monthly) by selecting one of the time frame options available. 

View Options

The View Options menu includes the following features:

Read more about each option in the sections below.

Multiselect in Traffic View

Multiselect, a powerful tool in the Policy Matrix for deploying a policy across multiple cells, is also available in Traffic View. This streamlines policy deployment by letting you apply a single policy across multiple matrix cells, while still viewing the specific traffic observed in each individual cell.

Use Case: Deploying Deny All Policies for Unused Paths

If no traffic is observed between certain source and destination Policy Groups over a week or month and, as a Network Administrator, you do not expect traffic between them, applying a Deny All policy is likely the correct choice.

Here’s how to use multiselect for this purpose:

  1. Enable Multiselect in the Traffic View by clicking the Multiselect button in the top-right corner under the View Options menu.
  2. Drag your mouse over the cells representing the source and destination pairs with no observed traffic, or use Shift+click to select them individually. CTRL/CMND + Click enables you to select a range of cells.
  3. Click + Create Policies and define a Deny All policy.

This approach allows you to enforce security policies quickly and efficiently while reducing manual effort. Multiselect enables you to act immediately on observed traffic data, ensuring unused communication paths are securely locked down to minimize risk.

Matrix Order

The Policy Groups along the Source and Destination axes can be reordered alphabetically (A-Z or Z-A) or by when they were created (New and Old), as seen in the selection pane below.

Enable/Disable Exclusion Filters

The Policy Matrix Traffic View shows all observed traffic by default (exclusion filter disabled). This is often mixed with low-value traffic, or "noise", which can make it challenging to see traffic of interest. You can filter out this type of traffic by clicking Enable Exclusion Filters.

You can see what traffic is included in the Exclusion Filters by hovering over the information icon. By default, the following traffic is filtered:

  • UDP 137–139 (NetBIOS)
  • UDP 3702 (WS-Discovery)
  • UDP 5355 (LLMNR)
  • UDP 5353 (mDNS)
  • TCP 7680 (MS-DO)
  • ICMP

Editing the Matrix Exclusion Filters

The ports/protocols which are excluded can be modified by clicking Edit Exclusion Filters. In the Edit Matrix Exclusion Filters window, you can search for and select from a pre-defined list of all common ports (both TCP and UDP) and add them to the chosen filters column, or remove existing filters. Simply select the protocols and use the arrows between the two columns to transfer selected protocols (<, >) or ALL protocols (<<, >>).  You can also restore the default filter containing the list of protocols and ports in the list above. 

With the filter enabled, cells which contain ONLY traffic included in the exclusion filters will appear transparent, as seen in the image below (with the Exclusion Filter Enabled setting).

Note: Changes to the Matrix Exclusion Filter do not apply retroactively. The filter applies to new traffic after the change is made, rather than applying historically to all traffic analytics.
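The following is an added example, not product code or output: it applies the default exclusion list above to a set of flow records and classifies each matrix cell as carrying traffic of interest, only excluded "noise" (the cells that appear transparent), or no observed traffic (the cells the Deny All use case targets). The record field names, the group names, and matching on destination port are assumptions made for illustration.

```python
from collections import defaultdict

# Default exclusion filter as listed on this page: (protocol, port) pairs.
# A port of None means "any port" (ICMP has no ports).
DEFAULT_EXCLUSIONS = (
    {("UDP", p) for p in (137, 138, 139, 3702, 5355, 5353)}
    | {("TCP", 7680), ("ICMP", None)}
)


def is_excluded(protocol, dst_port, exclusions=DEFAULT_EXCLUSIONS):
    """True when a flow matches the exclusion filter (assumed: destination port)."""
    proto = protocol.upper()
    return (proto, dst_port) in exclusions or (proto, None) in exclusions


def classify_cells(flows, groups, exclusions=DEFAULT_EXCLUSIONS):
    """Map each (source, destination) cell to one of:
    'traffic'    - at least one flow outside the exclusion filter
    'noise-only' - only excluded flows (shown transparent in the matrix)
    'no-traffic' - nothing observed (candidate for a Deny All review)
    """
    seen = defaultdict(lambda: [0, 0])  # cell -> [excluded count, other count]
    for f in flows:
        cell = (f["src_group"], f["dst_group"])
        idx = 0 if is_excluded(f["protocol"], f["dst_port"], exclusions) else 1
        seen[cell][idx] += 1

    result = {}
    for src in groups:
        for dst in groups:
            excluded, other = seen.get((src, dst), (0, 0))
            state = "traffic" if other else "noise-only" if excluded else "no-traffic"
            result[(src, dst)] = state
    return result


# Constructed sample records (not product output); field names are assumptions.
SAMPLE_GROUPS = ["Workstations", "Servers", "Printers"]
SAMPLE_FLOWS = [
    {"src_group": "Workstations", "dst_group": "Servers", "protocol": "TCP", "dst_port": 389},
    {"src_group": "Workstations", "dst_group": "Servers", "protocol": "UDP", "dst_port": 5353},
    {"src_group": "Workstations", "dst_group": "Printers", "protocol": "UDP", "dst_port": 5355},
    {"src_group": "Workstations", "dst_group": "Printers", "protocol": "ICMP", "dst_port": None},
    {"src_group": "Printers", "dst_group": "Workstations", "protocol": "UDP", "dst_port": 137},
]
```

Calling classify_cells(SAMPLE_FLOWS, SAMPLE_GROUPS) returns a dictionary keyed by (source, destination) pair. Because exclusion filter changes are not retroactive, a classification like this reflects the filter passed in, not what the matrix showed historically.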

Traffic Details from the Matrix

Clicking on any cell within the Policy Matrix Traffic View takes you to traffic details for a detailed view of the observed traffic within the specified time frame.

In the Traffic Vectors tab view, you’ll find detailed information on observed traffic, whether that traffic was allowed or denied, and whether a policy is in place for the specific protocol.

Click View Reverse Direction to view the traffic flowing in the opposite direction. 

In Traffic Records view, the Sankey chart displays traffic in a selected direction. Clicking View Reverse Direction switches the chart to show traffic in the opposite direction.

In the Traffic Vectors view, you have the ability to create custom filters to refine the displayed data. This functionality allows for better visibility into specific traffic patterns or policies by narrowing down the results based on various parameters. The General Filter section provides filter options for each column present, as described below:

  1. Action: Whether the protocol is allowed or denied.
  2. Destination Port: Specify a port number to filter traffic targeting that port.
  3. First Observed: Filter traffic by the date it was first detected.
  4. Last Observed: Filter traffic by the date it was last detected.
  5. Policy Status: Whether an active or simulated policy is present.
  6. Protocol: Filter traffic based on the communication protocol (e.g., TCP, UDP).
  7. Received Bytes: Refine data by the amount of data (in bytes) received.
  8. Received Packets: Refine data by the number of data packets received.
  9. Sent Bytes: Refine data by the amount of data (in bytes) sent.
  10. Sent Packets: Refine data by the number of data packets sent.
  11. Service: Filter by the specific service being used in the communication (e.g. LDAP).
  12. Source Port: Specify a port number to filter traffic originating from that port.

Users can select an operator, such as contains, equals, or greater than, to apply precise logic to each filter. Once configured, the filter can be applied instantly to the traffic view for real-time analysis. Additionally, there is an option to Save Filter, allowing users to quickly reapply frequently used filtering criteria without manually reconfiguring them each time.

As previously mentioned, users can also filter traffic by various time frames: hourly, daily, weekly, and monthly.

Create Policy

Clicking Create Policy at the bottom of the Traffic Vectors section takes you to the Create Policy page with the Source and Destination Policy Groups pre-populated.

Show Analytics

Clicking Show Analytics at the bottom of the Traffic Vectors view takes you to the Traffic Analytics dashboard with these filters applied.

The Traffic Vectors view on the Traffic Analytics page displays traffic only between the selected source and destination Policy Groups. From here, you can add additional filters to narrow down results and focus on the specific traffic that you are investigating.

Custom Filters

Custom filters can be created and saved in both table view and matrix view. Both views have their own separate saved filters, offering the flexibility to have different custom filters in each view that leverage the different criteria available. 

Saved Filters per Policy Set: Because each Policy Set can have its own unique subset of Policy Groups, filters are saved per Policy Set. This means that filters saved in one Policy Set will not appear in the list of saved filters for other Policy Sets.

Import and Export Functionality: Saved filters can be exported and imported, allowing filters to be shared between users in Cloud Control Center.

In Matrix view, the policy matrix can be filtered to show select sources, destinations, and even selected Security Profiles. These filters can be saved and loaded at any time with just a couple of clicks. 

To create or load a custom filter in the matrix view, click the Filters button in the top right of the Policy Matrix.

Select your Search Type and select the appropriate values. You can filter on a number of key values in Matrix view:

Filter: Description

  • Source: The Policy Group that is defined as the source in the policy, determining which entities the policy applies to.
  • Destination: The Policy Group that is defined as the destination in the policy, specifying the entities affected by the policy.
  • Policy Group Label: The higher-level categorization that groups multiple Policy Groups under a common label for easier policy management and assignment to PSETs.
  • Policy Group: The logical grouping of devices or users that share the same access and security policies.
  • Security Profile: The set of security controls defining how traffic is inspected, monitored, and enforced within the policy.
  • Security Level: A classification indicating the risk or sensitivity of a Policy Group, influencing policy enforcement and access permissions. See Policy Set Enforcement Scores.


 

You can layer multiple filters to create granular, multifaceted filters to narrow down the matrix view to only the data that you need. You can also import filters shared by colleagues.

 

To load a filter, go to saved filters and select a previously created filter. This is also where you can export any saved filters to share with other Cloud Control Center users.

 
