Skip to main content
Skyhigh Security

Charts and Tables Tab

The Charts and Tables tab displays statistical data on web usage, filtering activities, and system behavior of an appliance. If the appliance is a node in a Central Management configuration, it displays also statistical data for the other nodes.

View charts and tables information

On the Charts and Tables tab, you can view information on web usage, filtering activities, and system behavior.

  1. Select Dashboard | Charts and Tables.
  2. From the Appliance drop-down list, select the appliance you want to view chart and tables information for.
  3. [Optional] Click Update to ensure you see the most recent information.
  4. From the list on the navigation pane, select the type of information you want to view. For example, Web Traffic Summary.

Charts and tables display options

There are several options for displaying the information on the Charts and Tables tab, depending on the type of information that is provided.

Types of information are as follows:

  • Evolving data — Shows how particular parameters evolved over a selected time interval.

    For example, you can view how the number of blocked or allowed URL requests evolved over a selected time interval.
  • Top scores — Shows top numbers for activities or byte volumes related to key items of the filtering process up to the moment when you view them

    What you see then is these numbers, but not how they evolved over time.

    For example, you can view the URL categories that have been most often requested. Or you can view media types ranked according to the volumes transferred when web objects of these types were downloaded.

    The maximum number of items stored on an appliance for presenting top scores at a given point in time is 20000. When this number is exceeded, items that have the lowest occurrence or byte volumes are removed.
     
  • Other information — Shows other information presented on tables.

    For example, you can view the current versions of key modules (also known as engines) on an appliance, such as the Anti-Malware module or the URL Filter module.

The following table shows the display options for the different types of information.

Option Definition
Show last

Provides a drop-down list for selecting a time interval: 1 hour | 3 hours | ... | 1 year

Resolution

Displays the time unit used for the diagram that shows the evolution of a parameter over the selected interval.

Resolution varies with the interval.

For example, when 1 hour is selected, the diagram uses 1 minute as the time unit, when 1 year is selected, the diagram uses 1 day.

View

Provides a drop-down list for selecting:

  • Display mode: Line | Stacked
  • Average values
Refresh icon

Refreshes the view.

Top

Provides a drop-down list for selecting how many of the items with the highest scores are shown: 10 | 25 | ... | 1000

For example, the 25 URL categories that the most-often requested URLs fall in can be shown.

Refresh icon

Refreshes the view.

Overview of charts and tables information

Information about web usage, filtering activities, and system behavior for an appliance is displayed on the Charts and Tables tab of the dashboard.

The following tables provide an overview of this information.

Executive Summary
Information Description
URL Executive Summary

Shows how numbers of requests evolved during the selected interval.

Requests are sorted into allowed (“good”) requests and such that were blocked.

Blocked requests are additionally sorted according to the filtering modules that caused the blocking, such as the Anti-Malware engine, the URL engine, and others.

Clicking Edit Choosable Data Series opens a window for editing the selection of good and blocked requests that is shown.

Categories by Hits

Shows the categories that the most-often requested URLs belonged to.

Malware by Hits

Shows the virus and malware types that were requested most often.

System Summary
Information Description
Network Utilization

Shows how numbers of requests sent and received evolved during the selected interval.

System Utilization

Shows how usage of hard disk, CPU, physical memory of the appliance system, and the physical memories of the core and coordinator subsystems evolved during the selected interval.

Update Status

Shows the versions of several modules and filter information files that are implemented on an appliance, for example, of the Gateway Anti-Malware engine or of the malware signature files.

Last Update

Shows when several modules of an appliance were last updated, for example, the URL Filter module.

Open Ports

Lists the ports on an appliance that are currently listening to requests.

WCCP Services

Shows the status of WCCP services used to redirect traffic to an appliance.

Active Proxy Connections

Shows how numbers of connections evolved during the selected interval.

Web Traffic Summary
Information Description
Traffic per Protocol

Shows how volumes of web traffic under the HTTP, HTTPS, HTTP2, and FTP protocols evolved during the selected interval.

Requests per Protocol

Shows how numbers of requests under the HTTP, HTTPS, HTTP2, FTP, and IFP protocols evolved during the selected interval.

ICAP Traffic Summary
Information Description
ICAP Traffic with ICAP Clients

Shows how volumes of traffic occurring during communication with ICAP clients in REQMOD and RESPMOD modes evolved during the selected interval.

ICAP Requests from ICAP Clients

Shows how numbers of requests sent by ICAP clients in REQMOD and RESPMOD modes evolved during the selected interval.

SOCKS Traffic Summary
Information Description
SOCKS Traffic

Shows how volumes of traffic going on under versions 4 and 5 of the SOCKS protocol evolved during the selected interval.

SOCKS Connections

Shows how numbers of connections for traffic going on under versions 4 and 5 of the SOCKS protocol evolved during the selected interval.

Traffic per Protocol

Shows how volumes of traffic going on under the SOCKS protocol evolved during the selected interval.

Volumes are shown for UDP and the protocols that could be detected as underlying the SOCKS protocol: HTTP and HTTPS.

Volume is also shown for all other underlying protocols, which remained unfiltered, as filtering underlying protocols of the SOCKS protocol other than HTTP or HTTPS is not performed on Web Gateway.

Connections per Protocol

Shows how numbers of connections for traffic going on under the SOCKS protocol evolved during the selected interval.

Connection numbers are shown for the UDP protocol and the protocols that could be detected as underlying the SOCKS protocol: HTTP and HTTPS.

The number of connections is also shown for all other underlying protocols, which remained unfiltered, as filtering underlying protocols of the SOCKS protocol other than HTTP or HTTPS is not performed on Web Gateway.

Protocol Detection per Connection

Lists the underlying protocols of the SOCKS protocol that were most often detected for an individual connection together with these connections.

IM Traffic Summary
Information Description
Instant Messaging Traffic

Shows how volumes of instant messaging requests evolved for different services during the selected interval.

Instant Messaging Requests

Shows how numbers of instant messaging requests evolved for different services during the selected interval.

Instant Messaging Clients

Shows how numbers of instant messaging clients evolved for different services during the selected interval.

Traffic Volume
Information Description
Top-Level Domains by Bytes Transferred

Lists the domains that were requested most according to the number of bytes transferred from them.

Top-Level Domains by Number of Requests

Lists the domains that were requested most often according to the number of requests for them.

Destinations by Bytes Transferred

Lists the destinations that were requested most according to the number of bytes transferred from them.

Destinations by Number of Requests

Lists the domains that were requested most often according to the number of requests for them.

Source IPs by Bytes Transferred

Lists the source IP addresses that most volume was transferred to.

Source IPs by Number of Requests

Lists the source IP addresses that most requests were made from.

Web Cache Statistics
Information Description
Web Cache Efficiency

Shows how numbers of caching requests evolved during the selected interval and sorts them into hits and misses.

Web Cache Object Count

Shows how numbers of objects in the cache evolved during the selected interval.

Web Cache Usage

Shows how usage of the cache evolved during the selected interval.

Malware Statistics 
Information Description
Malware URLs by Hits

Lists the URLs infected by viruses and other malware that were requested most often.

Malware by Hits

Lists the malware types that were requested most often.

Advanced Threat Defense Requests

Shows how numbers of requests for web objects that were passed on to Skyhigh Security Advanced Threat Defense for scanning evolved during the selected interval.

Shows also how numbers of requests that were blocked due to the scanning results evolved during the selected interval.

Advanced Threat Defense Scanning Time

Shows how the time consumed for scanning web objects by Skyhigh Security Advanced Threat Defense evolved during the selected interval.

URL Filter Statistics
Information Description
Category

Shows how numbers of requested URL categories evolved during the selected interval.

Reputation

Shows how numbers of requests evolved during the selected interval and sorts them according to the reputation of the requested URLs.

Categories by Hits

Lists the URL categories that were requested most often.

Sites Not Categorized by Hits

Lists among the sites that are not categorized those that were requested most often.

Malicious Sites by Hits

Lists among the sites that were found to be infected those that were requested most often.

Top Blocked URLs

Lists among the blocked sites those that were requested most often.

Media Type Statistics
Information Description
Media Type Groups by Hits

Shows how numbers of requested media type groups evolved during the selected interval.

Types are sorted into audio files, images, and others.

Media Types by Bytes

Lists the media types that were requested most according to the number of bytes transferred.

Media Types by Hits

Lists the media types that were requested most often according to the numbers of successful requests for them.

DLP Filter Statistics
Information Description
DLP Classification

Shows how numbers of classifications for content that should not leave your network evolved during the selected interval.

DLP Classification by Hits

Lists the classifications that were most often used for content that should not leave your network.

SSL Scanner Statistics
Information Description
Certificate Incidents

Shows how numbers of incidents evolved during the selected interval.

Incidents are sorted according to the types of the events that caused them, for example, expired certificates or common name mismatches.

Remote Private Key Operations

Shows how numbers of remote private key operations for encrypting and decrypting data evolved during the selected interval.

Remote Private Key Operations

Lists the remote private key operations that were executed most often, providing information on the keys used, the functions that were performed, and the types of operation.

Application Control Statistics
Information Description
Categories

Shows how numbers of the different categories that requested applications belonged to evolved during the selected interval.

Reputation

Shows how numbers of the reputation levels that were assigned to requested applications evolved during the selected interval.

Categories by Hits

Lists the categories that occurred most often for applications that access to was requested.

High Risk Applications by Hits

Lists the applications with high-risk reputation that were most often requested for access.

Single Sign On Statistics 
Information Description
All Logins

Shows how numbers of logons to cloud applications (services) evolved during the selected interval.

Logins per Service

Shows how numbers of logons evolved during the selected interval and sorts them according to the cloud applications (services) that logon was performed to.

Logins per Service

Lists the cloud applications (services) that most logons were performed to.

Number of Invalid Tokens

Shows how numbers of invalid tokens evolved during the selected interval.

Encryption Statistics
Information Description
Operations

Shows how numbers of encryption and decryption operations for cloud storage data and numbers of errors that occurred during these operations evolved during the selected interval.

Volume

Shows how volumes of encrypted and decrypted data evolved during the selected interval.

Encryption Operations

Lists the cloud storage services that were involved most often when data was encrypted and uploaded.

Decryption Operations

Lists the cloud storage services that were involved most often when data was decrypted and downloaded.

Encryption Volume

Lists the cloud storage services that were involved most when data was encrypted according to the volume of encrypted data.

Decryption Volume

Lists the cloud storage services that were involved most when data was decrypted according to the volume of decrypted data.

Encryption Errors

Lists the cloud storage services that were involved most often when errors in encrypting data occurred.

Decryption Errors

Lists the cloud storage services that were involved most often when errors in decrypting

data occurred.

System Details
Information Description
Network Utilization

Shows how numbers of requests sent and received evolved during the selected interval.

CPU Utilization

Shows how CPU usage evolved during the selected interval.

Memory Usage

Shows how usage of memory evolved during the selected interval.

MWG Processes Virtual Memory Usage

Shows how usage of virtual memory by processes running on Web Gateway evolved during the selected interval.

Average System Load per CPU

Shows how average load on individual CPUs evolved during the selected interval.

Swap Space Usage

Shows how usage of memory available for swapping data evolved during the selected interval.

File System Utilization

Shows how usage of the file system evolved during the selected interval.

File System Utilization

Shows usage of the file system per partition.

Open TCP Ports

Shows open TCP ports with IP addresses and port numbers.

Authentication Statistics
Information Description
Authentication Requests

Shows how numbers of requests processed remotely, locally, or found in the cache evolved under each authentication method during the selected interval.

Average Request Processing Time per Method in ms

Shows how average processing time for requests sent to a server evolved under each authentication method during the selected interval.

Current Requests Report

Shows numbers of requests, cache hits, as well as minimum, maximum, and average processing time for requests sent to a server.

Current Connection Status

Shows the connections that are currently active under each authentication method.

Performance Information
Information Description
General Performance

Shows how the processing time consumed on average for completing particular tasks evolved during the selected interval.

These tasks include performing a DNS lookup, connecting to a given web server, and the work done by the rule engine to process a request throughout all cycles.

When measuring the time consumed for DNS lookups, only lookups on external servers are considered. Cache lookups are disregarded.

Detailed HTTP Performance

Shows how the time consumed on average for processing a request throughout all cycles evolved during the selected interval.

This performance information is only measured and displayed for web traffic that uses HTTP and HTTPS connections.

The processing of a request throughout all cycles (request, response, and embedded object cycles) is considered to be one transaction.

Average processing time is shown for complete transactions, but also for particular data transfers going on during a transaction:

  • First Byte Received from Client until First Byte Sent to Client — Shows the average processing time consumed between receiving the first byte from a client on an appliance and sending the first byte to this client within a transaction
  • Last Byte Received from Client until Last Byte Sent to Client — Shows the average processing time consumed between receiving the last byte received from a client on an appliance on and sending the last byte to this client within a transaction
  • First Byte Sent to Server until First Byte Received from Server — Shows the average processing time consumed between sending the first byte from an appliance to a web server and receiving the first byte from this server within a transaction
  • Last Byte Sent to Server until Last Byte Received from Server — Shows the average processing time consumed between sending the last byte from an appliance to a web server and receiving the last byte from this server within a transaction
DXL
Information Description
DXL Requests Sent

Shows how numbers of DXL requests and events that were sent and received, as well of requests that failed, evolved during the selected interval.

DXL Traffic

Shows how the volume of DXL traffic evolved during the selected interval.

Bandwidth Statistics
Information Description

Bandwidth Utilization per Direction

Shows how bandwidth evolved during the selected interval for both incoming and outgoing traffic.

Incoming traffic is shown under Ingress, outgoing under Egress.

If more than one class is used for applying bandwidth control on the same network interface, the average bandwidth of these classes is considered when the overall bandwidth values for incoming and outgoing traffic are calculated.

HTTP/HTTPS: Download Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for downloads from web servers performed under HTTP/HTTPS with regard to individual bandwidth classes.

HTTP/HTTPS: Upload Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for uploads to web servers performed under HTTP/HTTPS with regard to individual bandwidth classes.

Bandwidth Statistics per Class

Shows values for important parameters of bandwidth classes.

Values are only shown for child (also known as leaf) classes.

  • Class Name — Name of a bandwidth class
  • Sent — Number of bytes sent through a class

    If a class is used for applying bandwidth control on more than one network interface, this number is the sum of all bytes sent over these interfaces.

    Sums regarding all network interfaces that bandwidth control is applied to are also shown under Packets, Dropped, and Current Packet Rate.
     
  • Packets — Number of data packets sent through a class
  • Dropped — Number of data packets that were dropped at a class
  • Current Bandwidth — Current bandwidth of traffic going through a class

    If a class is used for applying bandwidth control on more than one network interface, the average bandwidth achieved on all interfaces is shown.
     
  • Current Packet Rate — Current packet rate (in pps - packets per second) for a class

HTTP/HTTPS: Top Classes by Download Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under HTTP/HTTPS.

HTTP/HTTPS: Top Classes by Upload Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under HTTP/HTTPS.

HTTP/HTTPS: Top Destinations by Download Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under HTTP/HTTPS with these web servers as destinations.

HTTP/HTTPS: Top Destinations by Upload Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under HTTP/HTTPS with these web servers as destinations.

HTTP/HTTPS: Top Users by Download Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under HTTP/HTTPS.

HTTP/HTTPS: Top Users by Upload Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under HTTP/HTTPS.

FTP: Download Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for downloads from web servers performed under FTP with regard to individual bandwidth classes.

FTP: Upload Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for uploads to web servers performed under FTP with regard to individual bandwidth classes.

FTP: Top Classes by Download Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under FTP.

FTP: Top Classes by Upload Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under FTP.

FTP: Top Destinations by Download Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under FTP with these web servers as destinations.

FTP: Top Destinations by Upload Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under FTP with these web servers as destinations.

FTP: Top Users by Download Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under FTP.

FTP: Top Users by Upload Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under FTP.

SOCKS: Download Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for downloads from web servers performed under the SOCKS protocol with regard to individual bandwidth classes.

SOCKS: Upload Bandwidth Utilization per Class (server side)

Shows how bandwidth evolved during the selected interval for uploads to web servers performed under the SOCKS protocol with regard to individual bandwidth classes.

SOCKS: Top Classes by Download Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when downloads from web servers were performed under the SOCKS protocol.

SOCKS: Top Classes by Upload Bandwidth (server side)

Lists the average bandwidth values for the bandwidth classes that consumed most bandwidth when uploads to web servers were performed under the SOCKS protocol.

SOCKS: Top Destinations by Download Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through downloads performed under the SOCKS protocol with these web servers as destinations.

SOCKS: Top Destinations by Upload Bandwidth (server side)

Lists the average bandwidth values for the web servers that caused the highest consumption of bandwidth through uploads performed under the SOCKS protocol with these web servers as destinations.

SOCKS: Top Users by Download Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing downloads from web servers under the SOCKS protocol.

SOCKS: Top Users by Upload Bandwidth (server side)

Lists the average bandwidth values for the users that consumed most bandwidth when performing uploads to web servers under the SOCKS protocol.

  • Was this article helpful?