VIAssist Design Overview

General introduction to VIAssist capabilities and design considerations

Data Exploration with a Dual Monitor Workstation

VIAssist makes use of a dual monitor setup to facilitate data exploration
Figure: VIAssist Dual Monitor Workstation

The purpose of VIAssist’s dual monitor interface is to present summarizations of the data source in conjunction with event-specific details. Visualizations that summarize a data source are a quick and easy way to visually detect extreme data points or outliers that may be associated with a critical asset. A DashBoard, for example, quickly summarizes connection data from the data repository using its Top 10 Lists. The Top 10 Lists enumerate the network resources that have the largest number of transaction (connection) records in the data repository. The DashBoard is pre-configured to display Top 10 Lists in 4 separate tabs for Destination IPs, Source IPs, Destination Ports, and Source Ports.

To visualize a summarization of the data source as Top 10 Lists, a user can insert a DashBoard into a VIAssist workspace by selecting the DashBoard option from the Insert Menu. From an analyst’s perspective, suspicious network traffic may be identified quickly with the use of the DashBoard’s Top 10 Lists. A large amount of activity on non-standard ports, for example, may indicate suspicious movement of network traffic. In contrast, a small volume of network traffic to a widely used IP address, such as a web or database server, suggests that a disruption of service may be taking place, which can lead to an interruption of service if it is not investigated further.

IP address and port data are enumerated in the DashBoard and sorted in descending order by their total number of records in the VIAssist data repository. Port 80, for example, is an HTTP port to a web server, which is known to receive a high volume of network traffic. In the example above, port 80 appears to have a large amount of traffic that the analyst will deem normal. (In case an analyst doesn’t know the significance of a port, a port look-up utility is built into the VIAssist Framework using a web browser. Information known about port 80 is obtained quickly using the VIAssist Port Lookup utility.)
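The Top 10 summarization and the two analyst checks described above can be reproduced over raw connection records. The following is an added example, not VIAssist code: the record layout, the standard-port set, the list of busy servers and the 5% threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample connection records: (src_ip, src_port, dst_ip, dst_port).
# Addresses come from documentation ranges; none of this is VIAssist data.
RECORDS = (
    [(f"198.51.100.{i % 5 + 1}", 40000 + i, "192.0.2.10", 80) for i in range(60)]
    + [("198.51.100.7", 51000 + i, "192.0.2.99", 31337) for i in range(25)]
    + [("198.51.100.2", 42000 + i, "192.0.2.20", 3306) for i in range(2)]
    + [("198.51.100.3", 43000 + i, "192.0.2.10", 443) for i in range(13)]
)

# The four DashBoard tabs, mapped to a column of the assumed record layout.
FIELDS = {"Destination IPs": 2, "Source IPs": 0,
          "Destination Ports": 3, "Source Ports": 1}

# Assumptions an analyst would supply for their own network:
STANDARD_PORTS = {22, 25, 53, 80, 443, 3306}
BUSY_SERVERS = {"192.0.2.10", "192.0.2.20"}  # web and database servers
MIN_SHARE = 0.05                              # share of all records


def top_lists(records, n=10):
    """Return {tab: [(value, record_count), ...]} sorted by count, descending."""
    return {tab: Counter(r[col] for r in records).most_common(n)
            for tab, col in FIELDS.items()}


def review(records, n=10):
    """Apply the two checks from the text to the Top N summary."""
    total = len(records)
    findings = []
    # Check 1: a large amount of activity on a non-standard port.
    for port, count in top_lists(records, n)["Destination Ports"]:
        if port not in STANDARD_PORTS and count / total >= MIN_SHARE:
            findings.append(("non-standard port", port, count))
    # Check 2: a widely used server that receives unusually little traffic.
    per_dst = Counter(r[2] for r in records)
    for server in sorted(BUSY_SERVERS):
        if per_dst[server] / total < MIN_SHARE:
            findings.append(("low volume to busy server", server, per_dst[server]))
    return findings


if __name__ == "__main__":
    for tab, rows in top_lists(RECORDS).items():
        print(tab, rows[:3])
    for finding in review(RECORDS):
        print(finding)
```

Check 2 counts every record rather than only the Top 10, because a quiet server may have dropped out of the list entirely.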

To provide further data awareness to the analyst, the second VIAssist monitor is available to display additional visualizations containing detailed information about the network activity or data in question. Network activity involving port 80, for example, may be easily investigated using a configured Table Lens.