The Console contains the following explorers:
Explorer views include Respond and Explore drop-down menus, The Respond menu provides corrective actions you can initiate on an event or other information presented in an explorer, such as shutting down a workstation when you see a problem reported in the console. The Explore menu provides a list of utilities you can use to investigate an event, event, event detail, or nDepth search result.
Event explorer displays all sequential and concurrent events related to the active event in the Console. You can view the events that occurred before, during, and after the event occurred. You can also monitor events in real time to determine their origin and destination. Use this explorer to determine what caused a rule to fire.
The Event explorer can only be opened from the Monitor view,
nDepth is a search engine that locates all event data or the original log messages that pass through a particular manager. The log data is stored in real time as it occurs from each host (network device) and source (application or tool) that is monitored by the manager. You can use nDepth to conduct custom searches, investigate your search results with a graphical tools, investigate event data in other explorers, and take action on your findings.
The NSLookup explorer is a network utility that resolved IP addresses to host names and host names to IP addresses. Use this explorer to locate a name that corresponds to the IP address that caused the rule to fire. For example, you can resolve yourcompany.com to an IP??address.
In this example, NSLookup explorer is searching for IP address of 192.168.168.10. The explorer retrieved the corresponding host name, which is grendel.corp.trigeo.com.
Opening the NSLookup explorer adds an NSLookup explorer icon to the History pane in the Explore view.
Traceroute explorer is a network utility that traces network links (or hops) from your host computer to a specific destination. Use this explorer to determine the network connections between yourself and the IP address that caused a rule to fire.
In this example, Traceroute explorer is tracing IP address 192.168.167.1. The interface displays the hops between your computer and the destination IP address. In this example, connecting to the IP address required two hops.
Opening the Traceroute Explorer adds a a Traceroute explorer icon in the History pane of the Explore view.
Whois explorer is a network utility that identifies the source of an IP address or domain name based on how it is registered with domain and network authorities. This explorer contacts the central databases for IP addresses and domain names and returns the results of any of your searches. It can tell you where something is located physically in the world, and who actually owns the device you are trying to locate. For example, you can use this explorer to identify who owns a domain that corresponds to the IP address that caused a rule to fire.
The example on the left shows the results for an IP address. The example on the right shows the results for the SolarWinds domain name, SolarWinds.com. From these results, you can find out who owns the IP address and where the server is hosted.
Opening the Whois Explorer adds a Whois explorer icon in the History pane of the Explore view.
Flow explorer performs flow analysis to determine which IP addresses or ports are generating or receiving the most network traffic. Use this explorer to analyze the volume of data (in bytes or packets) transferring to or from an IP address or port number on your network.
For example, if an unknown IP address displays at the top of the Flow explorer's activity list, you can select a bar on the graph or a row in the table and choose the Whois explorer from the Explore menu to identify the IP address and why it is transmitting so much data.
You can manually explore an IP address, host name, or domain name by opening a new explorer or entering the appropriate information into the search box of an open explorer.