kenn1
Level 7
Message 1 of 12

How Do I pull Out Data For a Particular Country in ESM

How Do I pull Out Data For a Particular Country in ESM

11 Replies
andy777
McAfee Employee
Message 2 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

How would you define the data as it relates to a particular country? For instance, would you filter for a geolocation or is there some identifier in the data itself? Thanks.

kenn1
Level 7
Message 3 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

I want to generate a few Nitro reports/graphs for me regarding
traffic attempts to / from a specific  over the last 30 days.

Views (bar or line charts) I would like to see, if they can be generated, are as follows:

  • Inbound attempts
    • Deny vs. Allowed
    • Deny by protocol
    • Allowed by protocol
    • Average attempts per day in aggregate
  • Outbound attempts
    • Deny vs. Allowed
    • Deny by protocol
    • Allowed by protocol
    • Average attempts per day in aggregate
  • Inbound payload
    • Total bytes returned to country's address for inbound attempts per day
    • Total bytes returned to country's address by protocol for inbound attempts per day
    • Average bytes per connection attempt (deny vs. allowed) per day
  • Outbound payload
    • Total bytes sent to country for outbound attempts per day
    • Total bytes sent to country by protocol for outbound attempts per day
    • Average bytes per connection attempt (deny vs. allowed) per day

rth67
Level 12
Message 4 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

Use the Source / Destination Geo Location information using the "ASN Geo Source ID" or "ASN Geo Dest Source ID"

You can also define Zones and assign the appropriate ASN Geo information for your internal subnets (if using RFC1918 non-routable IP ranges like 10.x.x.x, 172.16.x.x, or 192.168.x.x) - that way you can report on traffic sourced from your offices in Dallas, Chicago, NY, LA, UK, etc...

kenn1
Level 7
Message 5 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

"Use the Source / Destination Geo Location information using the "ASN Geo Source ID" or "ASN Geo Dest Source ID""

Yes, but I want it for a specific country and all inclusive for that country. Right now it looks like the codes are unique to the cities.

andy777
McAfee Employee
Message 6 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

kenn1 wrote:

How Do I pull Out Data For a Particular Country in ESM

You don't have to drill down to the city. When you reach the country you want, just click OK. Geolocation IDs work like subnets. In this screenshot I'm filtering just on events from China. Note the ID: 1170957893348884480/22.

geodrill.PNG

The part of the report that is a challenge is calculating a daily average of something over a 30-day period. The tool compares 5 increments of like time frames by default. If you're looking at a month's worth of data it's going to show you that data compared to the previous 5 months and display that as an average.
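
An added example, not part of the original thread and not McAfee's code: it illustrates the "IDs work like subnets" point from the post above with the ID quoted there, and computes the per-day average over a 30-day window from exported events. It assumes the ID is a 64-bit value and that `/22` is a bit-prefix length as in CIDR; the event field names (`src_geo`, `action`, `proto`) and the sample events are constructed.

```python
from collections import Counter

ID_BITS = 64  # assumption: geolocation IDs are 64-bit values


def parse_geo_filter(text):
    """Split 'ID/len' into (network, mask), the way a CIDR block is parsed."""
    base, _, length = text.partition("/")
    base, length = int(base), int(length)
    if not 0 <= length <= ID_BITS:
        raise ValueError("prefix length out of range")
    mask = ((1 << length) - 1) << (ID_BITS - length)
    if base & ~mask & ((1 << ID_BITS) - 1):
        raise ValueError("ID has bits set below the prefix")
    return base, mask


def in_scope(geo_id, geo_filter):
    """True when geo_id shares the filter's leading bits (country or below)."""
    network, mask = geo_filter
    return (geo_id & mask) == network


def daily_report(events, filter_text, days):
    """Count in-scope events per (action, protocol) and the average per day."""
    flt = parse_geo_filter(filter_text)
    counts = Counter((e["action"], e["proto"])
                     for e in events if in_scope(e["src_geo"], flt))
    return counts, sum(counts.values()) / days


# Constructed sample data; only COUNTRY's value comes from the thread.
COUNTRY = 1170957893348884480      # the ID shown in the post, used with /22
CITY = COUNTRY | (5 << 30)         # constructed ID below the country prefix
OTHER = COUNTRY ^ (1 << 42)        # constructed ID outside the prefix
EVENTS = [
    {"src_geo": COUNTRY, "action": "deny", "proto": "tcp"},
    {"src_geo": CITY, "action": "allow", "proto": "tcp"},
    {"src_geo": CITY, "action": "deny", "proto": "udp"},
    {"src_geo": OTHER, "action": "deny", "proto": "tcp"},
]

if __name__ == "__main__":
    counts, per_day = daily_report(EVENTS, f"{COUNTRY}/22", days=30)
    print(dict(counts), per_day)
```
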

kenn1
Level 7
Message 7 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

So that ASN/GEO Source ID will give me all the China traffic and just China?

andy777
McAfee Employee
Message 8 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

So that ASN/GEO Source ID will give me all the China traffic and just China?

Correct. Using the Filter you can select any continent, country or city.

geodrill2.PNG

kenn1
Level 7
Message 9 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

Any idea how to generate those reports or if canned reports for that type of activity appear anywhere? Do we need to have "flows" set up to track bytes in and out?

kenn1
Level 7
Message 10 of 12

Re: How Do I pull Out Data For a Particular Country in ESM

"The tool compares 5 increments of like time frames by default."

How do I do this or activate this?  Thanks
