3.2.3.4.5.1. Segmentation Overview

The Segmentation Overview displays all the events related to the segmentation use case. These events are categorized in three different windows:

3.2.3.4.5.1.2. VLAN

The VLAN window displays information about the VLANs and their users and devices.


  • Devices per VLAN: Represents the percentage of devices per VLAN.

  • VLAN devices overview: Shows the different VLANs with the event count.

  • VLAN timestamp: Shows the VLAN device events on a timeline, separated by VLAN.

  • EPT/VLAN: Shows the different VLANs with the event count for each one, separated by the endpoint type.


  • VLAN/Users events: Shows the different VLANs with the event count for each one, separated by user.

  • Users per VLAN: Represents the percentage of users per VLAN.

3.2.3.4.5.1.3. Devices

The Devices window displays information about network device authentications and ACLs.


  • Network device authentications: Shows a table with the network device authentications. For each network device IP, the table lists the total number of authentications and the MAB, USER, VPN, 802.1X USER, 802.1X USER CERT, 802.1X HOST and 802.1X HOST CERT authentications.

  • NetDev authentications timestamp: Shows the network device authentication events on a timeline, separated by network device IP and authentication type.


  • ACLs applied: Shows a table with the ACL events. The table lists the timestamp, the user device IP, the ACL matched, the policy passed, the user ID, the network device IP and the VLAN assigned.

  • ACLs timestamp: Shows the ACL events on a timeline, separated by policy matched.

3.2.3.4.5.1.4. NGFW

The NGFW window displays information about the Next-Generation Firewalls (NGFW), which are FortiGate and PaloAlto.


  • FortiGate Accounting table: Shows a table with the FortiGate events. The table lists the user device IP, the user device MAC, the hostname, the network device IP, the internal cache tag, the custom parameters and how many times the event is repeated.

  • PaloAlto table: Shows a table with the PaloAlto events. The table lists the user device IP, the user device MAC, the hostname, the network device IP, the PaloAlto tag, the custom parameters and how many times the event is repeated.

  • NGFW timestamp: Shows the next-generation firewall events on a timeline, separated by PaloAlto and FortiGate.