2 Replies Latest reply on Oct 13, 2015 4:48 AM by zlob

    DRILL-DOWN TOP Rate

    zlob

      Anybode know, how to use drill-down top rate in SMC?

      From documentation:

      First, this summary type creates a top rate summary of

      events. Then, the sections following the top rate

      summary use the data in the top rate summary to

      produce further charts and tables.

      Example: A drill-down section can show the top 10 IP

      addresses in terms of traffic volume followed by a

      progress summary. The progress summary can then show

      in detail how the combined traffic from those IP

      addresses is spread throughout the week.

      Drill-down sections must be placed at the end of the

      Report Design. All other sections placed after a drill-down

      top rate summary section become part of the drill-down

      top rate summary. This statement does not include other

      drill-down sections and the sections they include.

        • 1. Re: DRILL-DOWN TOP Rate
          jmatikka

          Hi Oleg,

           

          "Drill-Down Top rate" summary type basically act as a filter in report. As mentioned in the Product documentation:

           

               "First, this summary type creates a top rate summary of events. Then, the sections following the top rate summary use the data in the top rate summary to produce further charts and tables"

           

          In other words, when you add a section with "Drill-Down Top rate" summary type, ALL following report sections (sections placed below "Drill-Down" section) will only collect data that is relating to the "Drill-Down" section. I created an example report showing this in use:

          DD.PNG

          In this report "Traffic by user" section is using "Drill-Down Top rate" summary type. Report sections ABOVE this shows traffic by dst port and src IP from all traffic. Report sections BELOW "Traffic by user" section only shows traffic by dst port and src IP based in data seen in "Traffic by user" section.

          ddreport.PNG

           

          Hopefully you understood my explanation

           

          BR,

          Juha

          • 2. Re: DRILL-DOWN TOP Rate
            zlob

            Thank you for Your answer.

            I know how "drill-down" work - it not usable. If I need find TOP user with web usage and then look into sites... (

            No I think about move Events to SIEM and create usable Dashboards.