M21-31
The M21-31 dashboard offers detailed insights into web (HTTP) and DNS traffic, helping identify and address gaps in security compliance and DNS security.
Web Traffic Details
These visualizations offer insights to assess:
- Encryption enforcement across the landscape.
- Web server compliance with security baselines, including server software, HTTP version, and interaction ports.
- User adherence to the latest user agents mandated by InfoSec.
- HTTP transactions—such as methods, error codes, redirections, and file types—to detect abnormal activity and take remedial action as needed.
| Visualizations | Overview |
|---|---|
| Encrypted vs Non Encrypted Traffic | Displays the percentage distribution of HTTP vs. HTTPS traffic. |
| Server Software | Displays the percentage distribution of active web servers, including their software type, OS type, and version. |
| Client Browsers | Displays the percentage distribution of active client browsers, including their OS type and version. |
| HTTP Versions | Displays the versions of clear-text (HTTP) traffic. |
| Connection on reserved port 0 | Displays connections to reserved port 0. |
| Http communication on non-standard ports | Displays HTTP traffic occurring on ports other than 80 and 443. |
| Session info for unsafe Http methods | Displays sessions involving potentially risky HTTP actions such as POST, PUT, and DELETE. |
| Methods | Displays a breakdown of HTTP methods such as GET, PUT, POST, HEAD, and OPTIONS. |
| Top Referer sites | Displays the HTTP referrer websites redirecting the users. |
| Error codes | Displays client-side and server-side HTTP errors. |
| File types | Displays the percentage distribution of HTTP file types sent or received. |
| Web Session Info | Displays source IP, destination IP, web server name, URI, RTT, client user agent, and server agent details. |
| Http2 session info | Displays HTTP2 application names, source IP, destination IP, source port, and destination port details. |
DNS Information
These visualizations offer insights into DNS queries, responses, and traffic patterns, helping identify anomalies and take remedial actions as needed.
| Visualizations | Overview |
|---|---|
| Volume of DNS Requests over time | Displays a timeline chart of the number of DNS requests made for each domain. |
| Top DNS Servers with Volume of Responses | Displays the top DNS servers based on the number of DNS queries handled by each server. |
| Top DNS Queried | Displays the top domains queried based on user activity. |
| Top 20 DNS Lookups | Displays the percentage breakdown of the most frequently queried domains by users. |
| Top DNS Clients | Displays the most active users making DNS queries. |
| Volume of DNS requests by Clients | Displays a timeline chart of the number of DNS requests made by each client. |
| DNS Query type | Displays the count of various DNS query types exchanged between endpoints. |
| DNS Reply type | Displays the DNS reply codes exchanged between endpoints. |
| DNS Query and Name Resolution Info | Displays DNS name resolution between endpoints, including DNS TTL and response time. |