cancel
Showing results for 
Search instead for 
Did you mean: 
mkgurz
Level 7
Report Inappropriate Content
Message 1 of 4

What do the red and blue dots mean on the Geolocation map in the SIEM?

What do these dots mean on Event Views > Geolocation Map? Are they source or destination? If so, which ones indicate source addresses and which ones destination?

Thanks,

Mike

3 Replies
xded
Level 12
Report Inappropriate Content
Message 2 of 4

Re: What do the red and blue dots mean on the Geolocation map in the SIEM?

Hi Mike,

the red dots mean Events over the Baseline and the blue dots mean Events in the Baseline. Nothing else.

Re: What do the red and blue dots mean on the Geolocation map in the SIEM?

Hi xded,

please, what do you mean about "over the Baseline" and "in the Baseline" ?
thanks

Highlighted
xded
Level 12
Report Inappropriate Content
Message 4 of 4

Re: What do the red and blue dots mean on the Geolocation map in the SIEM?

If you mouseover the dots there will come a hint with
country

lat:

Long:
count: 18000Baseline: 5000

if is the count over the base it means there is more connections than normal if is under the base line there is lesse connection than normal

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community