Overview

The XIMP Network Traffic Monitoring module provides deep visibility into traffic flows, bandwidth consumption, and protocol distribution across your virtual and physical networks. Operations teams use it to identify top bandwidth consumers, investigate anomalous patterns, and baseline normal network behavior.
Prerequisites

Network Traffic Views

Navigate to Monitoring → Network to access network monitoring views.

| View | Shows |
| --- | --- |
| Traffic Overview | Total inbound/outbound traffic per interface over time |
| Top Talkers | Highest-bandwidth source/destination pairs |
| Protocol Analysis | Traffic breakdown by protocol (TCP, UDP, ICMP, application layer) |
| Flow Table | Individual network flows with source, destination, port, and bytes |
| Anomaly Detection | Unusual traffic patterns flagged by behavioral analysis |

Set the Scope filter to a specific project, network, or subnet to isolate traffic for a particular project or application tier.

Analyzing Traffic Anomalies

Review the Anomaly Detection panel

Navigate to Monitoring → Network → Anomaly Detection. XIMP uses behavioral baselines to flag traffic patterns that deviate significantly from historical norms.

Each anomaly entry shows:
  • Detection time and duration
  • Affected host or network segment
  • Anomaly type (volumetric, port scan, protocol violation, etc.)
  • Confidence score

Drill into suspicious flows

Click on an anomaly event to view the associated flow records. Use the Flow Table to examine individual connections:

| Column | Description |
| --- | --- |
| Source IP | Originating IP address |
| Destination IP | Target IP address |
| Port | Destination port |
| Protocol | TCP, UDP, ICMP |
| Bytes | Total data transferred in this flow |
| Duration | Flow lifetime in seconds |

Correlate with logs

Cross-reference suspicious traffic with log events in the Log Explorer:
host:<SUSPICIOUS_IP> level:ERROR
Combined network flow data and log events often confirm whether an anomaly is malicious or benign (e.g., a legitimate backup job generating unusual burst traffic).
Use XIMP’s Linked Panels feature to open the Log Explorer pre-filtered to the host and time range of a network anomaly with a single click.
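
The triage described in the steps above, as an added example that is not part of the XIMP documentation or product code: it aggregates flow records by the Flow Table columns to list top talkers and to flag port-scan-style fan-out. The record layout, the thresholds and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flows. Keys mirror the Flow Table columns; the export
# layout is an assumption, since this page does not describe one.
FLOWS = [
    {"src": "10.0.1.15", "dst": "10.0.2.20", "port": 443, "proto": "TCP",
     "bytes": 48_000_000, "duration": 300},
    {"src": "10.0.1.15", "dst": "10.0.2.20", "port": 443, "proto": "TCP",
     "bytes": 52_000_000, "duration": 280},
    # Large single transfer: a top talker that may be a legitimate backup job.
    {"src": "10.0.3.7", "dst": "10.0.9.50", "port": 873, "proto": "TCP",
     "bytes": 9_500_000_000, "duration": 1200},
] + [
    # One source touching 40 ports on one host with tiny, short flows.
    {"src": "10.0.4.99", "dst": "10.0.2.20", "port": p, "proto": "TCP",
     "bytes": 60, "duration": 0}
    for p in range(20, 60)
]


def top_talkers(flows, n=3):
    """Sum bytes per (source, destination) pair, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f["src"], f["dst"])] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


def port_fanout(flows, min_ports=25, max_avg_bytes=200):
    """Return pairs where a source hits many distinct ports with small flows.

    Both thresholds are illustrative assumptions, not XIMP defaults.
    """
    ports, size, count = defaultdict(set), defaultdict(int), defaultdict(int)
    for f in flows:
        key = (f["src"], f["dst"])
        ports[key].add((f["proto"], f["port"]))
        size[key] += f["bytes"]
        count[key] += 1
    return sorted(
        key for key in ports
        if len(ports[key]) >= min_ports
        and size[key] / count[key] <= max_avg_bytes
    )


if __name__ == "__main__":
    for pair, total in top_talkers(FLOWS):
        print(pair, total)
    print("port fan-out:", port_fanout(FLOWS))
```

The largest talker in the sample is the single port 873 transfer, which the fan-out check does not flag; whether it is a backup job or something else is what the log correlation step settles.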

Setting Network Traffic Alerts

Alert on network conditions that indicate problems or security events. Navigate to Monitoring → Alerting → Alert Rules → New Alert Rule and set the following fields:

| Field | Value |
| --- | --- |
| Metric | xloud_network_interface_rx_bytes |
| Condition | > |
| Threshold | 900000000 (900 MB/s — 90% of 1 GbE) |
| Evaluation Period | 5 minutes |
| Severity | Warning |

Next Steps

  • Metrics & Alerts: Create bandwidth and packet loss alert rules
  • Log Analytics: Correlate network anomalies with log events from the same time window
  • Alert Rules (Advanced): Configure compound alert conditions and escalation for network events
  • XIMP Admin — DDoS Protection: Configure automatic DDoS mitigation policies (administrator)