Applies To: WatchGuard Advanced Reporting Tool
Large amounts of sent data can indicate data exfiltration. Applications that behave in an anomalous way can indicate malfunction or compromise. Use the Bandwidth Consumers tab to find applications and users that send or receive large amounts of data.
A user who sends a large amount of traffic might indicate data exfiltration, and a review of these users can provide early insight into potential user and device misuse.
To see application processes and users that generate high inbound and outbound data volume, from the WatchGuard EPDR or WatchGuard EDR management UI:
- In WatchGuard Cloud, select Monitor > Endpoints.
- Select Status.
- From the left pane, select Advanced Visualization Tool.
  A new browser tab opens.
- From the left pane, select Advanced Reporting > Data Access Control.
- Select the time period to filter the data on.
- Click Refresh.
  The dashboard shows information for the time period selected.
- Select the Bandwidth Consumers tab.
- In the Applications section, review the applications that receive a high amount of data.
  Applications that receive a high amount of data can indicate machines or users that download problematic files.
- In the Machine-User section, review the users who send a high amount of data.
  High amounts of data can also indicate failed application updates that continually redownload data.
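The same review can be repeated offline on exported traffic records. The following is an added example, not WatchGuard code: the row layout, sample values and the median-plus-MAD threshold are assumptions made for illustration, and the column names are not the Advanced Reporting Tool's schema.

```python
from collections import defaultdict
from statistics import median

MB = 1_000_000

# Constructed sample rows (hypothetical layout):
# (machine, user, application, bytes_sent, bytes_received)
ROWS = [
    ("WS-01", "alice", "chrome.exe",   40 * MB,     400 * MB),
    ("WS-01", "alice", "outlook.exe",  20 * MB,      80 * MB),
    ("WS-02", "bob",   "chrome.exe",   35 * MB,     300 * MB),
    ("WS-02", "bob",   "updater.exe",   2 * MB,  30_000 * MB),  # update that keeps redownloading
    ("WS-03", "carol", "outlook.exe",  60 * MB,     120 * MB),
    ("WS-04", "dave",  "teams.exe",    80 * MB,     200 * MB),
    ("WS-05", "erin",  "uploader.exe", 48_000 * MB,   5 * MB),  # unusually large upload
]

def totals(rows, key_fn, value_idx):
    """Sum one byte counter per grouping key."""
    out = defaultdict(int)
    for row in rows:
        out[key_fn(row)] += row[value_idx]
    return dict(out)

def outliers(totals_by_key, k=5.0):
    """Return (key, total) pairs above median + k * MAD, largest first.

    Median and MAD are used because one extreme consumer would drag a
    mean/standard-deviation threshold up and hide itself.
    """
    values = list(totals_by_key.values())
    med = median(values)
    mad = median(abs(v - med) for v in values)
    threshold = med + k * max(mad, 1)  # guard against MAD == 0
    flagged = [(key, v) for key, v in totals_by_key.items() if v > threshold]
    return sorted(flagged, key=lambda kv: kv[1], reverse=True)

def top_senders(rows, k=5.0):
    """Machine-User view: who sends far more than their peers."""
    return outliers(totals(rows, lambda r: (r[0], r[1]), 3), k)

def top_receiving_apps(rows, k=5.0):
    """Applications view: which applications receive far more than the rest."""
    return outliers(totals(rows, lambda r: r[2], 4), k)

if __name__ == "__main__":
    print("Senders to review:", top_senders(ROWS))
    print("Receiving applications to review:", top_receiving_apps(ROWS))
```

A flagged entry is a lead for review, not a verdict: in the sample data the receiving outlier is an updater that keeps redownloading, which is the benign case the page mentions.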