The Networks dossier displays information about network connections, open ports, and DNS lookups.
To navigate to the Networks dossier in the Lacework Console, click Resources > Host > Networks. For information about filtering dossier data, see Dossier Navigation and Filters.
These graphs aggregate data for machines and network traffic. Available graphs display information including unique machines, unique users, and total connections.
This section displays alerts for network connections on hosts where Lacework agents are installed.
See Networks Polygraph.
This table displays the number of successful and failed lookups for each domain name.
Active listening ports
This table displays the number of machines and applications for each listening port number.
This table displays machine properties such as name and IP address.
This table displays user properties such as UID, groups, and home directory.
Server ports with no connection
This table displays open/listening ports without any active connections. This information can alert you to potentially unwanted open ports, or it could indicate low usage. Note that blocks, whether host-level (firewalld, iptables) or from a security group/ACL/NACL, are not reflected; this is strictly a list of open ports on the server. Both IPv4 and IPv6 are displayed, if supported by the OS. The listening interface is also listed; in many cases, only the loopback is listening.
List of listening servers
This table displays servers with open ports on an interface other than the loopback.
List of external facing server machines
This table displays servers that have an interface with a non-RFC1918 address. The open port/protocol is displayed as well.
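The three classifications described above (ports with no connection, listeners on a non-loopback interface, machines with a non-RFC1918 address) can be reproduced from a host's socket list when you want to cross-check a table. This is an added example, not Lacework code and not part of the original page: the socket rows and addresses are constructed, the function names are hypothetical, and the external-facing check covers IPv4 only because RFC 1918 defines only IPv4 ranges.

```python
import ipaddress

# RFC 1918 private IPv4 ranges, checked explicitly: ipaddress.is_private also
# flags documentation and other special ranges, which is not what the table means.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rows: (state, local address, local port)
SAMPLE = [
    ("LISTEN", "127.0.0.1", 5432),
    ("LISTEN", "0.0.0.0", 22),
    ("LISTEN", "10.0.1.15", 8080),
    ("LISTEN", "::1", 6379),
    ("LISTEN", "203.0.113.10", 443),
    ("ESTAB", "10.0.1.15", 22),
    ("ESTAB", "203.0.113.10", 443),
]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def listeners(sockets):
    return [s for s in sockets if s[0] == "LISTEN"]

def ports_without_connections(sockets):
    """Listening (address, port) pairs that no established socket is using."""
    active = {(a, p) for state, a, p in sockets if state == "ESTAB"}
    idle = []
    for _, addr, port in listeners(sockets):
        # A wildcard bind (0.0.0.0 or ::) serves connections on any local address.
        wildcard = ipaddress.ip_address(addr).is_unspecified
        if not any(p == port and (wildcard or a == addr) for a, p in active):
            idle.append((addr, port))
    return sorted(idle)

def non_loopback_listeners(sockets):
    """Listeners bound to anything other than loopback; wildcard binds count."""
    return sorted({(a, p) for _, a, p in listeners(sockets)
                   if not ipaddress.ip_address(a).is_loopback})

def external_facing_addresses(interface_addrs):
    """IPv4 interface addresses outside RFC 1918, loopback and link-local."""
    def external(ip):
        return ip.version == 4 and not (ip.is_loopback or ip.is_link_local
                                        or ip.is_unspecified or is_rfc1918(str(ip)))
    return [a for a in interface_addrs if external(ipaddress.ip_address(a))]
```

As the page notes for the dossier table, a result from these functions says nothing about firewall or security group rules in front of the port.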
Client machines making external connections
This table displays a list of hosts with connections to “remote” hosts.
TCP - client machines making external connections and UDP - client machines making external connections
These tables display detailed connection information. Details include both ends of the connection, number of connections, and amount of data transferred in both directions. If a connection is made to a known bad IP/domain, an appropriate Threat Tag is displayed as well.
External UDP connections
This table displays detailed connection information for external UDP connections. It also details the number of connections and amount of data transferred in both directions.
IP address summary
This table provides a breakdown of information about all observed connections, using various whois-type information to display the geographic distribution of connections and perceived risk.
This table displays a synopsis of lookups done by hosts. Unexpected domain lookups could require further investigation.
Resolved IP information
This table displays information about used DNS resolvers and the results. Unexpected resolvers or remote hosts might warrant more investigation.