System dashboards
System dashboards provide broad information and are useful for high-level analytics or as a starting point for pinpointing your issue.
Site Performance dashboard
Site performance location capabilities provide excellent awareness of IT service health at the country, city, or data center level, or with even more granularity down to individual service groups such as accounting. You can easily define these parameters down to the individual subnet and VLAN to gain intelligence within or between these defined groups.
 
 
Figure 17: Site Performance dashboard
 
The Site Performance dashboard shows you on a map all of the locations you are monitoring. The locations are shown as pins or clusters. The pins or clusters are color coded using the User experience score to indicate whether that site is experiencing any issues. Also shown are tables showing user experience with server application delay and network delay for all sites. A similar table shows VoIP performance for MOS Audio and MOS Video.
 
Application Performance dashboard
The Application Performance dashboard enables network and operations teams to monitor the current health of critical applications and quickly determine the cause of abnormalities causing service delivery issues. You can see where your trouble spots are and which applications are the slowest, busiest, or worst performing.
 
 
Figure 18: Application Performance dashboard
 
1. Provides context into overall traffic health and whether the issue is likely related to the network or application.
2. Should there be an anomaly, drill down for insight into application traffic distribution, patterns, volumes, or responsiveness, all of which offer end-user experience insight.
3. When required, navigate deeper into transaction details through GigaStor trace extraction which offers views into exactly where the application issue resides.
 
Network Performance dashboard
As the foundation of all things IT, understanding network status is crucial to successful service delivery. With that in mind, the Apex workflow begins with in-depth intelligence into overall network health. Depending on Apex welcome page search input, users will be directed to the relevant network anomaly.
 
You can see where your hot spots are, what your network utilization is, which applications are using the most bandwidth, and which have the largest delay.
 
Figure 19: Network Performance dashboard
 
1. View whether current performance is blue (acceptable), yellow (marginal), or red (unacceptable).
2. If performance is unacceptable or marginal, drill down into resource consumption and trouble spots.
3. Determine if it is a server or network-based issue, and clarify if the problem is transaction specific or pervasive across the environment.
 
UC Performance dashboard
The low-latency, high-bandwidth, and real-time nature of VoIP and video makes achieving consistently acceptable levels of service delivery an ongoing challenge for network and operations teams. The Apex three-steps-to-resolution UC performance workflow greatly reduces this burden.
 
The UC Performance dashboard shows you jitter, MOS scores compared to packet loss, average setup duration, and the number of calls started compared to calls closed.
 
Figure 20: VoIP Performance dashboard
 
1. Achieve a global perspective of call quality. If there is degradation in UC performance, the real-time reporting reveals when it occurred and who is negatively impacted.
2. Navigating to the next report provides granularity at the phone or server level, correlating lost packets directly to end-user experience.
3. If required, you can drill down to the packets using GigaStor trace extraction to obtain detailed root cause information on why calls are terminating abnormally or service is degraded.
 
Observer GigaFlow
The Observer GigaFlow dashboard enables service providers to use the NetFlow protocol to produce results from data collected in the remote locations and branches of their network. Most deployed routers and switches are producing NetFlow results in these remote locations today. GigaFlow collects IP traffic information and monitors network traffic to provide a robust understanding of network loading and traffic patterns, and it aids with coarse-grained anomaly detection.
 
There are three ways to navigate to Observer GigaFlow from Apex.
1. GigaFlow Analysis button on the Apex home screen
2. GigaFlow Analysis button on the left sidebar
3. GigaFlow Analysis option from the Advanced Analytics drilldown menu
When you choose any one of these options to access Observer GigaFlow, a new tab opens in your web browser and the contextual filters are passed from Apex to GigaFlow. This means information from Apex is sent over to GigaFlow for use in additional data capture.
To configure the navigation from Apex to Observer GigaFlow and to transfer information to GigaFlow, refer to How to assign a data source. For more information on how to use Observer GigaFlow, refer to the Observer GigaFlow Documentation website.
 
Figure 21: Observer GigaFlow dashboard
 
 
Threat Map dashboard
Threat Map is a world map overlaid with attack/event trajectories. The Threat Map proactively identifies threats that the security tools of businesses or organizations may not be able to detect. These types of attacks might include malware that steals intellectual property or personal information of customers and employees. As the threat makers become more sophisticated, protecting the network becomes an even higher priority for corporations. The Threat Map dashboard in Apex shows blacklist, SYN activity, and profile exception reporting when attached to GigaFlow.
 
Black List contains entities that are known sources of suspicious behavior. Black lists are common in antivirus programs, intrusion prevention/detection systems, and spam filters. The source and destination of Black List activity are shown in black on the map and in the event timeline.
SYN is a TCP packet sent to another computer requesting a connection. If the destination computer receives the SYN, it replies with a SYN-ACK, and the source computer sends an ACK, or acknowledgment, to the destination. If there is an excessive rate of SYN packets, this could indicate a network scan or sweep being performed by a compromised host on the network. The source computer has penetrated the firewall. The source and destination of SYN are shown in blue on the map and in the event timeline.
Profiler Exception is an exception created when traffic selected for profiling (using the entry flow objects) does not match any of the available “allowed profile” flow objects. When this happens, an alert is generated and the first 20 exceptions to a profile are also kept by the software so that the user can review them and alter the “allowed profiles” as required. Profiler Exceptions are shown in red on the map and in the event timeline.
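The three event types described above, sketched as an added example over constructed flow records. This is not GigaFlow or Apex code and is not taken from this guide. The field names, addresses, profile objects, the SYN threshold, and the use of distinct SYN-only targets per source as a stand-in for "excessive rate" are all assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample values; none come from GigaFlow or this guide.
BLACKLIST = {ip_address("203.0.113.66")}
SYN_ONLY = 0x02               # cumulative TCP flags with only SYN set
SYN_DEST_THRESHOLD = 5        # assumed: distinct targets per source per window
PROFILED = ip_network("10.0.5.0/24")             # assumed "entry" flow object
ALLOWED = [(ip_network("10.0.9.0/24"), 443),     # assumed "allowed profile" objects
           (ip_network("10.0.9.0/24"), 5432)]
MAX_KEPT_EXCEPTIONS = 20      # the guide says the first 20 exceptions are kept


def classify(flows):
    """Return (events, kept_exceptions) for the flow dicts of one time window."""
    events, kept, syn_dests = [], [], defaultdict(set)
    for f in flows:
        src, dst = ip_address(f["src"]), ip_address(f["dst"])
        if src in BLACKLIST or dst in BLACKLIST:
            events.append(("Black List", f["src"], f["dst"]))
        # A TCP flow whose flags are SYN only never completed the handshake.
        if f["proto"] == 6 and f["tcp_flags"] == SYN_ONLY:
            syn_dests[f["src"]].add((f["dst"], f["dport"]))
        if src in PROFILED and not any(dst in net and f["dport"] == port
                                       for net, port in ALLOWED):
            events.append(("Profiler Exception", f["src"], f["dst"]))
            if len(kept) < MAX_KEPT_EXCEPTIONS:   # alert on all, keep the first 20
                kept.append(f)
    for src, dests in syn_dests.items():
        if len(dests) >= SYN_DEST_THRESHOLD:
            events.append(("SYN", src, f"{len(dests)} targets"))
    return events, kept


def sample_flows():
    """Constructed records shaped like NetFlow fields (not real traffic)."""
    flows = [{"src": "10.0.5.10", "dst": "10.0.9.20", "dport": 443,
              "proto": 6, "tcp_flags": 0x1B}]           # allowed, full session
    flows.append({"src": "10.0.5.11", "dst": "10.0.9.20", "dport": 23,
                  "proto": 6, "tcp_flags": 0x1B})       # outside allowed profiles
    flows.append({"src": "10.0.7.4", "dst": "203.0.113.66", "dport": 443,
                  "proto": 6, "tcp_flags": 0x1B})       # blacklisted peer
    flows += [{"src": "10.0.8.99", "dst": f"10.0.9.{i}", "dport": 445,
               "proto": 6, "tcp_flags": SYN_ONLY} for i in range(1, 9)]  # sweep
    return flows


if __name__ == "__main__":
    print(*classify(sample_flows())[0], sep="\n")
```

The SYN threshold must be tuned to the environment, because load balancers, monitoring probes, and vulnerability scanners legitimately open many half-completed connections.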
   
Note: The Threat Map dashboard cannot be customized.
 
Figure 22: Threat Map dashboard
 
 
How to access the Threat Map in Apex
There are three ways to access the Apex Threat Map.
1. Threat Map button on the Welcome to Apex page. Refer to Figure 1
2. Threat Map button on the left sidebar. Refer to
3. Share button in the upper right corner of the Apex user interface. Refer to How to share a dashboard view with others
The Apex Threat Map window appears after using one of these access methods.
Understanding Threat Map filters
Between the map and the menu on the left is a group of tables arranged vertically. The information in these tables is provided by GigaFlow and can be used as filters.
Threat Source Locations is a list of the countries where the threats originate.
Threat Destination Locations is a list of the countries where devices targeted by the threats reside.
Event IP Sources is a list of the IPs associated with the threats.
Event IP Destinations is a list of the IP addresses targeted by the threats.
Event Types is a list of the types of threats identified.
Event Categories is a list of threat categories.
Event Devices is a list of your infrastructure devices involved in the threat.
The time and date can also be used as filters. Threat Map data can be viewed in realtime, a defined or custom date range, or trailing time.
Under the map is an Event Timeline. This table summarizes the data in a bar graph.
The main table below the map displays a complete summary of the threats mapped with time. In addition to the information presented in the side tables, the main table includes:
The application involved.
The byte-size of the threat event.
The number of packets involved in the threat event.
You can drill down into each threat in the table and get additional information from the Flow Details.
How to use Threat Map filters
The Threat Map filters allow you to see the source and destination of the threat, the IP addresses involved, and the event categories and devices.
The filters are versatile because you can select entries from each table and multiple entries within those tables. Create your filter by clicking each item of interest.
 
Figure 23: Apex Threat Map Tables
 
 
Your filter criteria appear in the filter dropdown.
 
Figure 24: Apex Threat Map Filters
 
 
How to use the Threat Map time filter
Use the time and date range as a filter.
1. Click the dropdown icon.
2. Choose Custom, Trailing, or Live. Configure Custom or Trailing if you want data from an earlier timeframe. Live is realtime data and does not need to be configured.
3. Click Apply.
 
The dropdown menu appears.
 
Figure 25: Apex Threat Map Time Filter
 
 
Understanding Threat Map Flow Details
Flow Details allows you to use GigaFlow Forensics. GigaFlow Forensics provides granular details of the issues. Refer to the Observer GigaFlow Documentation website for more information on GigaFlow Forensics.
These are the fields in Flow Details that are links to GigaFlow Forensics.
 
Forensics Data contains the Forensics For This Flow link to GigaFlow. This view shows what is happening between the source and destination at that time, a one-to-one flow detail.
Src Addr (source address) contains the Search - Forensics link. This view shows the details of everything that is talking to the source at that time, a one-to-many flow detail.
Dst Addr (destination address) contains the Search - Forensics link. This view shows the details of everything that is talking to the destination at that time, a one-to-many flow detail.
Under the Src Addr and Dst Addr is an external link to a spam management service used by Threat Map to control spam email attacks.
 
 
 
How to use Flow Details
Locate the event in the table that you need to examine further and click the down arrow.
 
Figure 26: Apex Threat Map Detailed Flow
 
 
The Flow Details window appears.    
 
Figure 27: Apex Threat Map Flow Details
 
   
 
How to access GigaFlow data
Choose Forensics Data, Src Addr, or Dst Addr and click its URL.
 
When you choose any one of the URLs, a GigaFlow tab opens in your web browser where you can continue diving deeper into the threat.
 
Understanding Forensics
Forensics is a powerful data mining tool. With the help of Traffic Forensics, you can take a deep dive into your data and isolate the most troubling situations for further investigation. The results of the investigation help you determine how you might better manage situations that negatively impact your network.
 
You must be connected to an Observer Apex or GigaFlow data source before you can use the Forensics capability. See How to add a data source to configure a data source.
 
Figure 28: Forensics dashboard
 
The Forensics dashboard lists all of the elements in your network and color-codes the top 10 busiest elements. It puts the busiest at the top of the list. The colored dots in the table correspond to the colors in the graph with the busiest on top. This is possible with the new Traffic Forensics widget that combines the graph and table on one page. The graph and table interact with each other. This means that when you move the cursor over the graph, the corresponding row in the table is highlighted. When you hover over a table entry, its corresponding entry in the graph is highlighted.
To learn how to use this page to isolate situations in your network for further investigation, see Understanding Traffic Forensics.