Heatmap

The most useful tool in the GUI is called a Heatmap. Heatmap is an image representing number of alerts between all pairs of hosts in a graphical manner.

Fig. 1 A heatmap.

Every line on this image stands for a single target-host and each column is ascribed to a single source-host. All the data is sorted so the most interesting part with the greatest number of alerts is in the top-left corner.

Fig. 2 A magnification of the top-left corner. Each pixel shows the number of alerts
between a pair of hosts.

After clicking the selected pixel you will see that there are 2338 alerts in this time period between this pair of hosts. Hosts IPs are hidden here for privacy reasons.

You can now click on the Severities to see what are the severities of the alerts represented by this point.

Fig. 3 Severities for all selected alerts.

In this particular case all the alerts are of critical severity which means they require examination. You can now see the alerts in a table by clicking Source alerts.

Fig. 4 Source alerts for selected field.

And here you can check the details of every received alert.