For a burst of requests, e.g. 3+ more requests < 60 seconds, the requests should be aggregated, and be able to expand these requests.
If a client is connecting to an HTTPS resource via TCP/443, it can create a lot of connections to various backend APIs, etc. on the same hostname.
It’s possibly a separate feature request, but being able to aggregate all requests per user as well would also be nice. For example, “Recent Users” would be shown with statistics of their recent requests, and another dropdown to be able to see each individual request.
Hi @mroark-pf9, thank you for sharing your feedback! We will forward it to our Product team.
In the meantime, you should be able to more finely analyze your network events by setting up your Connectors to forward their Analytics logs to a SIEM or Log Aggregator (take a look here: Ingesting Connector logs into SIEMs | Docs).
Alternatively, if you don’t run a SIEM / Log Aggregator, you can also script the export to any other system. You can also export all events across all Remote Networks and Connectors from the Admin Console: Analyzing Network Traffic | Docs. Each event will contain roughly the same metadata (the Admin Console generates a CSV report while the Connectors generate JSON formatted events):
I don’t know if it would be helpful, but we do have some internal tooling that can be used to convert both JSON-formatted Connector logs and JSON-formatted Admin Console Event Reports into a dataframe, which makes it very easy to process using Python. Happy to share those if you are interested.
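
One way to script the burst aggregation requested in this thread over exported events, added here as an example that is not the vendor's internal tooling or part of either post. The field names (`ts`, `user`, `host`, `port`) and the sample events are constructed assumptions rather than the documented Connector log schema, and a burst is taken to mean 3 or more events for one user and hostname within 60 seconds of the first.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (JSON lines). Field names are assumptions for this
# example, not the documented Connector log schema.
SAMPLE_LOG = """\
{"ts": "2024-01-01T10:00:00", "user": "alice@example.com", "host": "api.example.com", "port": 443}
{"ts": "2024-01-01T10:00:05", "user": "alice@example.com", "host": "api.example.com", "port": 443}
{"ts": "2024-01-01T10:00:20", "user": "bob@example.com", "host": "api.example.com", "port": 443}
{"ts": "2024-01-01T10:00:40", "user": "alice@example.com", "host": "api.example.com", "port": 443}
{"ts": "2024-01-01T10:05:00", "user": "alice@example.com", "host": "api.example.com", "port": 443}
not-json line that should be skipped
"""

def parse_events(text):
    """Parse JSON-lines text, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            e = json.loads(line)
            e["ts"] = datetime.fromisoformat(e["ts"])
        except (ValueError, KeyError, TypeError):
            continue
        events.append(e)
    return events

def aggregate_bursts(events, window=timedelta(seconds=60), min_count=3):
    """Group events per (user, host); collapse each run of >= min_count events
    that all fall within `window` of the run's first event into one row."""
    groups = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        groups[(e["user"], e["host"])].append(e)
    rows = []
    for (user, host), evs in groups.items():
        i = 0
        while i < len(evs):
            j = i
            while j + 1 < len(evs) and evs[j + 1]["ts"] - evs[i]["ts"] < window:
                j += 1
            run = evs[i:j + 1]
            # Short runs stay as individual rows; bursts keep their events for expansion.
            parts = [run] if len(run) >= min_count else [[e] for e in run]
            for p in parts:
                rows.append({"user": user, "host": host, "count": len(p),
                             "start": p[0]["ts"], "events": p})
            i = j + 1
    return sorted(rows, key=lambda r: r["start"])
```

Each returned row carries its underlying events in `events`, so a collapsed burst can still be expanded to the individual requests.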