Monitor Bandwidth-Consuming Application Processes and Users

Applies To: WatchGuard Advanced Reporting Tool This topic applies to the optional WatchGuard endpoint security module, Advanced Reporting Tool. The Advanced Reporting Tool is available with WatchGuard EPDR and WatchGuard EDR.

Large amounts of sent data can indicate data exfiltration. Applications that behave in an anomalous way can indicate malfunction or compromise. Use the Bandwidth Consumers tab to find applications and users that send or receive large amounts of data.

Users who send a high amount of traffic might indicate data exfiltration operations, and can provide early insight into potential user and device misuse.

To see application processes and users that generate high inbound and outbound data volume, from the WatchGuard Endpoint Security management UI:

1. In WatchGuard Cloud, select Monitor > Endpoints.
2. Select Status.
3. From the left pane, select Advanced Visualization Tool.
   A new browser tab opens.
4. From the left pane, select Advanced Reporting > Data Access Control.
5. Select the time period to filter the data on.

6. Click Refresh.
   The dashboard shows information for the time period selected.
7. Select the Bandwidth Consumers tab.
8. In the Applications section, review the applications that receive a high amount of data.
   Applications that receive a high amount of data can indicate machines or users that download problematic files.
9. In the Machine-User section, review the users who send a high amount of data.
   High amounts of data can also indicate failed application updates that continually redownload data.

Related Topics

Data Access Control Dashboard

Monitor Outbound Network Traffic

Monitor User Activity

Monitor the Data Files Accessed