Monitor Bandwidth-Consuming Application Processes and Users

Applies To: WatchGuard Advanced Reporting Tool

Large amounts of sent data can indicate data exfiltration. Applications that behave in an anomalous way can indicate malfunction or compromise. Use the Bandwidth Consumers tab to find applications and users that send or receive large amounts of data.

A high volume of traffic sent by a user might indicate a data exfiltration operation, and can provide early insight into potential user and device misuse.

Screen shot of Advanced Visualization Tool, ART > Bandwidth Consumers tab

To see application processes and users that generate high inbound and outbound data volume, from the WatchGuard EPDR or WatchGuard EDR web UI:

  1. From the top navigation bar, select Status.
  2. From the left pane, select Advanced Visualization Tool.
    A new browser tab opens.
  3. From the left pane, select Advanced Reporting > Data Access Control.
  4. Select the time period to filter the data on.

Screen shot of Advanced Visualization Tool, date selector

  5. Click Refresh.
    The dashboard shows information for the time period selected.
  6. Select the Bandwidth Consumers tab.
  7. In the Applications section, review the applications that receive a high amount of data.
    Applications that receive a high amount of data can indicate machines or users that download problematic files.
  8. In the Machine-User section, review the users who send a high amount of data.
    High amounts of data can also indicate failed application updates that continually redownload data.

See Also

Data Access Control Dashboard

Monitor Outbound Network Traffic

Monitor User Activity

Monitor the Data Files Accessed