Network Logs

このコンテンツはまだ日本語に翻訳されていません。

Network Logs provides NDR (Network Detection and Response) flow monitoring across your infrastructure. Analyze traffic patterns, investigate suspicious connections, and monitor protocol usage in real time.

Protocol Breakdown

Network flows are categorized by protocol:

Protocol	Description
TCP	Connection-oriented traffic (HTTP, SSH, RDP, etc.)
UDP	Connectionless traffic (DNS, SNMP, syslog, etc.)
DNS	Domain name resolution queries and responses
HTTP	Web traffic with method, URL, and status code details
TLS	Encrypted connections with certificate and cipher metadata
ICMP	Ping, traceroute, and network diagnostic traffic

Time Range

The default time range is 24 hours.

Preset Options

Select from predefined ranges: 15m, 1h, 6h, 24h, 7d, 30d, or set a custom date/time window.

Protocol Histogram

A color-coded stacked bar chart displays network flow volume over the selected time range. Each protocol is assigned a distinct color for quick visual identification of traffic composition and anomalies.

Search and Filtering

Query Syntax

Use the search bar to filter flows by any field. Dedicated filter dropdowns are available for:

Protocol: Filter by TCP, UDP, DNS, HTTP, TLS, ICMP
Action: Filter by allow, deny, drop, reset
Direction: Filter by inbound, outbound, internal

Field Browser

A field browser panel on the left lists all available network-specific fields such as src_ip, dst_ip, src_port, dst_port, protocol, bytes_in, bytes_out, geo.country, and tls.ja3. Click any field to add it as a filter or display column.

Infinite Scroll

Results load progressively as you scroll down using IntersectionObserver. There is no pagination — new batches of flows are fetched automatically when you reach the bottom of the current results.

Live Mode

Activate Live Mode to auto-refresh results every 5 seconds. New flows appear at the top of the results table, providing near-real-time visibility into network activity.

Access Requirements

Network Logs requires the Respond (MDR) tier or above.