How would you define the data as it relates to a particular county? For instance, would you filter for a geolocation or is there some identifier in the data itself? Thanks.
I want to generate a few Nitro reports/graphs or me regarding
traffic attempts to / from a specific over the last 30 days.
Views (bar or line charts) I would like to see, if they can
be generated, are as follows:
Use the Source / Destination Geo Location information using the "ASN Geo Source ID" or "ASN Geo Dest Source ID"
You can also define Zones and assign the appropriate ASN Geo information for your internal subnets (if using RFC1918 non-routable IP ranges like 10.x.x.x, 172.16.x.x, or 192.168.x.x) - that way you can report on traffic sourced from your officea in Dallas, Chicago, NY, LA, UK, etc...
"Use the Source / Destination Geo Location information using the "ASN Geo Source ID" or "ASN Geo Dest Source ID""
Yes but I want it for a specific country and all inclusive for that country. Right now it looks like it the codes are unique to the cities.
How Do I pull Out Data For a Particular Country in ESM
You don't have to drill down to the city. When you reach the country you want, just click OK. Geolocation IDs work like subnets. In this screenshot I'm filtering just on events from China. Note the ID: 1170957893348884480/22.
The part of the report that is a challenge is calculating a daily average of something over a 30-day period. The tool compares 5 increments of like time frames by default. If you're looking at a month's worth of data it's going to show you that data compared to the previous 5 months and display that as an average.
So that ASN/GEO Source ID will give me all the China traffic and just China?
Correct. Using the Filter you can select any continent, country or city.
Any idea how to generate those reports or if canned reports for that type of activity appears anywhere? Do we need to have "flows" set up to track bytes in and out?