Flow view
You can view sessions in a card, table or flow view. Click 
Figure 26: Search — Flow view
The flow view allows you to:
-
Quickly visualize the distribution of the sessions based on their various metadata, such as, client address, username, protocol, verdict, server address, and One Identity Safeguard for Privileged Analytics (SPA) score.
The metadata of the sessions are presented as vertical bars and each bar represents the proportional value of the data.
Example: Proportional data representation
The Verdict column shows that most of the sessions failed, a large number were accepted, and the rest of the sessions fall into the category of AUTH_FAIL, and TERMINATED.
Figure 27: Search > Flow view — proportional data representation
-
See at a glance the relationship between various metadata and identify patterns in user behavior.
Example: Relationship between metadata
You want to have an overview of activities where access was denied.
A quick look at the Verdict column shows that there were several accesses where the authentication failed (AUTH_FAIL) and the lines from the AUTH_FAIL field point to several server addresses.
Figure 28: Search > Flow view — relationship between metadata
-
Use it interactively to drill down further on information.
To drill down on information, click on an item, then click Search.
TIP: To exclude an item, press Ctrl while clicking the item.
Example: Interactive drill down
You want to investigate if there were any unusual activities. To take a closer look, in the Analytics Score column, click Unusual, then click Search.
The flow view now only displays the unusual session activities. You can further narrow your search as required.
Figure 29: Search > Flow view — interactive drill down
