Topology
The network topology is the reconstructed visualization of the ingested collection files.
Overview
The Topology contains the reconstructed network. All assets discovered and identified by the analytics engine will be displayed within the topology, both graphically and within a table.
The Topology section contains 3 tabs and each tab can be modified to create a custom view:
- Network
- Inventory
- External Hosts
Example topology
Network Tab
The Network tab contains the visualization of the reconstructed network topology. Within this view, users will see all physical and logical connections between assets.
Hovering over an asset within the topology with provide the user with a high level summary of the asset.
Hovering over an asset
Left-clicking on an asset with provide the user with detailed information about the asset. This information will be displayed within the Inspector panel. Users can select more than 1 asset to view information about multiple assets.
View the table below to learn how to navigate within the Network view:
| Description | Action |
|---|---|
| Pan | Right-click OR CTRL + Left-click + drag |
| Zoom | CTRL + Scroll wheel |
| Scroll Vertically | Scroll wheel |
| Scroll Horizontally | SHIFT + Scroll wheel |
| Box select | Left-click + drag |
| Grow/Shrink select | SHIFT + left-click [+ drag] |
Asset Search
Users can search for a specific asset within the network topology. The following metadata will be searched: Hostnames, IP Address, OS, MAC Address, Model, Tags, and ID.
When searching for an asset, any asset containing the search criteria will be highlighted within the topology and displayed within the search dropdown. Assets which do not match the search criteria will be grayed out. The search text field allows for generic regular expressions.
Left-clicking on an item within the search dropdown will select it within the topology.
Search dropdown
See the table below for sample search criteria and results:
| Search Criteria | Description |
|---|---|
| 192.168.27.103 | Search for asset with IP address 192.168.27.103 |
| 192.168 | Search for any asset with IP address containing 192.168 |
| 9D:F2:C2 | Search for any asset with MAC address containing 9D:F2:C2 |
| vulnerable | Search for any asset with a common vulnerability (CVE) |
| linux | Search for any asset running the Linux operating system |
| Hacking Target | Search for any asset with tag "Hacking Target" |
| google.com | Search for any asset with tag/domain google.com |
| 10.*10[0-9].36 | Search for any IP addresses starting with 10. and ending in 10#.36 |
Inventory Tab
The Inventory displays all identified assets in a tabular format. The table can be sorted by clicking on the desired header. Clicking on a table row will update the Inspector panel with detailed information about the selected asset.
Example Inventory table
External Hosts Tab
External Hosts are assets which are identified to be in the public IP address space. Much like the Inventory panel, the table can be sorted and rows can be clicked on to reveal additional information about the selected asset.
Example External Hosts table
Custom Views
Users can manipulate the Topology tabs to better suit their needs. Each panel can be moved and resized. Want to view the network topology and the inventory at the same time? Simply move the Inventory tab to the left and view the topology on the right. Want the network topology to take up the entirety of the screen? Simply click on the maximize button.
Follow the steps below to display both the network topology and the Inventory tab:
- Open a Project
- Select the Network tab
- Left-click on the Inventory tab and drag it down and to the right
- Position the Inventory tab where you'd like
- When the translucent box appears, release the mouse
Inventory moved to bottom right
Filter Topology by IP
Users may filter the topology to display only the desired subnet. This allows the user to limit the amount of information displayed within the topology.
Follow the steps below to filter the topology to only displayed the desired subnet:
- Open a Project
- At the top of the screen, left-click on the project name
- Select the Customize Internal/External Assets option
Customize Internal/External Assets
- Enter the desired CIDR notation
CIDR Netmask entry
- Select the Update button
- View the filtered topology
Filtered topology
Filtered Inventory
Download Asset Inventory
The entire Inventory (and External Hosts) listing can be downloaded as CSV. All field headers are returned in the CSV output.
Follow the steps below to export the listing as CSV:
- Open a Project
- At the top of the screen, left-click on the project name
- Select the Download Complete Inventory (CSV) option
- The CSV file can now be opened in an office application
Topology Screenshots
Users can take a screenshot of the current topology viewport of the entire topology. The resulting file is a .png. The screenshot will be in the "Flat" format and will contain all labels.
Follows the steps below to export the topology as a .png:
- Set the desired zoom level and topology of the orientation
- Select the Download this Graph (PNG) option
- Select the desired Download Option
Topology screenshot
Updated 3 months ago