Graph Layouts

Interactive Search can display 5 different graphs.

Force/Link Directed: Force directed graph. Nodes that are linked together are “charged” together in clumps.

Radial: Radial directed graph. Nodes are sorted into rings. The inner rings contain nodes with a higher packet/byte count. Nodes are also clumped based on DNS.

Grid: Grid graph. This layout only appears when a search is being run. No links are shown. Nodes are sorted into rows. The rows at the top have nodes with a higher packet/byte count.

List: List view of the graph. Displays nodes in a table.

Packets: List view of packets. Displays packets in a table.

Node and Link Styling Rules

Default State: Some nodes will have a blue or a red-orange look. Blue links are multicast, orange are broadcast. A node is multicast if the first 8 bytes of its IP are between 233 and 239, exclusive. A node is broadcast if any IP segment is 255.

Double Clicked Nodes: Double-clicked nodes will show all neighboring nodes and links in green (regardless of whether they are multicast or broadcast). The node’s stroke (border) will be black. Double-clicked nodes will have a green blur around the node and text. Double-clicking an already searched node will change it to default styling.

Hovered: Neighboring nodes and links have a darker stroke.

IP Search Highlight: The input is based on regex, so if the input is 10.5, nodes with *10.5* should be rectangles, and the IP label has an orange blur. Neighboring nodes and links that have been part of a double-click search or a matched regex search have a dashed, magenta stroke.

MAC Address Match: When hovering over a node, nodes with matching MAC addresses will be highlighted blue.

Hovered Double click: Neighboring nodes and links that have been part of a double-click search or a matched regex search have a dashed, magenta stroke.

Malicious Nodes: Malicious nodes are nodes that appear on the Talos IP list website. These are IPs listed in pureinsight/data/ip_blacklist.csv. These nodes have a red blur. The tooltip of the node has a link to the Talos lookup page. It can also be seen in Layouts.

Overlap I and Overlap II: Sometimes many of the stylings will overlap. At least one of the styling rules must be present if there are multiple matches on a node.
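
The multicast, broadcast, blacklist and regex-search rules above can be checked outside the UI. The sketch below is an added example, not the tool's own code: it returns every style that applies to an IP so overlaps are visible. All function names, the CSV layout (IP in the first column) and the sample rows are assumptions, and "first 8 bytes" is read as the first octet of an IPv4 address.

```javascript
// Added example. Thresholds come from the page; all names here are hypothetical.

// Parse a dotted-quad IPv4 string into four octets, or null if malformed.
function parseIPv4(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  const octets = parts.map((p) => (/^\d{1,3}$/.test(p) ? Number(p) : NaN));
  return octets.every((o) => o >= 0 && o <= 255) ? octets : null;
}

// Multicast as the page states it: first octet between 233 and 239, exclusive.
// (The IANA IPv4 multicast block is 224.0.0.0/4; the page's range is kept as written.)
const isMulticast = (o) => o[0] > 233 && o[0] < 239;

// Broadcast as the page states it: any segment equal to 255.
const isBroadcast = (o) => o.includes(255);

// Assumed CSV layout: one IP in the first column; header and junk rows are skipped.
function loadBlacklist(csvText) {
  const firstCols = csvText.split(/\r?\n/).map((line) => line.split(",")[0].trim());
  return new Set(firstCols.filter((ip) => parseIPv4(ip) !== null));
}

// Compile the search input as a regex; an invalid pattern disables the search
// instead of throwing.
function compileSearch(input) {
  if (!input) return null;
  try { return new RegExp(input); } catch (e) { return null; }
}

// Return every style that applies, so overlapping matches are all reported.
function classifyNode(ip, blacklist = new Set(), search = "") {
  const octets = parseIPv4(ip);
  if (!octets) return ["invalid"];
  const re = compileSearch(search);
  const styles = [];
  if (isMulticast(octets)) styles.push("multicast");
  if (isBroadcast(octets)) styles.push("broadcast");
  if (blacklist.has(ip)) styles.push("malicious");
  if (re && re.test(ip)) styles.push("search-match");
  return styles.length ? styles : ["default"];
}

// Constructed sample data (203.0.113.0/24 is a documentation range).
const sampleCsv = "ip,source\n203.0.113.7,constructed\nnot-an-ip,constructed\n";
const sampleBlacklist = loadBlacklist(sampleCsv);
console.log(classifyNode("10.5.0.255", sampleBlacklist, "10.5"));
console.log(classifyNode("111.2.3.4", sampleBlacklist, "1.1"));
```

Because the search input is a regex, an unescaped `.` matches any character: the input `1.1` also highlights `111.2.3.4`, while `1\.1` does not.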
