Viewing Network Traffic in VMDR OT

The Network tab gives a complete view of network traffic in the industrial network. Multiple Qualys Network Passive Sensors can be deployed across the network. Each Qualys Network Passive Sensor has access to traffic with source and destination details in the flows. The Network tab shows all sources and destinations of the given port and protocol. The network list view displays the different protocols used in the network and how the assets communicate.

The network table contains the list of network traffic with the following details:

- Source asset - Source asset type - When the asset was first and last seen communicating on the network - Destination asset - Destination asset type

- Protocol/Transport protocol used for communication - Port on which they are communicating - Total traffic volume for the network - Ingress traffic volume for the network - Egress traffic for the network

In the search bar, you can build QQL queries to narrow down the scope of your network traffic search by using the supported search tokens. For more information, see Search Tokens for VMDR OT.

Use the left pane filters to search for network traffic grouped into various categories. After clicking a category in this list, your selection gets translated into a QQL query in the search bar. The network traffic that fits your selected category is displayed in the network traffic table.