Network Tab, Analyze Device (New Portal)

The Network tab of the SIM Information box displays SIM identifiers, location information, and device transactions, and allows you to perform basic SIM operations. For customers who purchase the Deep Forensics security feature, the Network tab also includes an Analyze Device screen that provides a deep-dive view of your SIM's use history and level of risk.

Basics

The Analyze Device screen provides an overview of usage history and SIM information to indicate whether your device may be compromised. The Analyze Device screen consists of two major sections:

  • Device Summary: Provides basic SIM information (e.g., ICCID, IMSI, Last registration).
  • Indicators of Compromise: Displays device activity from within a selected timeframe as adjustable charts for:
    • Data Transactions: Amount of data processed.
    • Data Volume: Amount of data transmitted.
    • DNS Queries: Cellular traffic.
    • Destination Endpoints: Destinations of transmission activity.
Note: The data displayed in the Analyze Device window updates every 2 hours.

Accessing the Analyze Device Screen

To access the Analyze Device screen through the SIM Information page:

  1. Log in to the Aerport portal.
  2. Click SIM in the navigation menu.
  3. Select Manage SIMs.
  4. In the Manage SIMs page, select the SIM you want to view. This opens the SIM Information page.

  5. Under SIM Operations, click Analyze device to open the Analyze Device screen.

Navigating the Analyze Device Screen

The Analyze Device screen consists of two major sections:

Device Summary

The Device Summary section outlines the following information for the SIM device you select:

  • ICCID: Identification number of the SIM.
  • IMSI: Identification number of the device user.
  • MSISDN: Subscription number of the device.
  • IMEI: Identification number of the device.
  • Active technology: Technology enabled for the SIM (e.g. LTE).
  • Device profile ID: Identification number of the device profile.
  • Allowed APNs: Approved access point names.
  • Registered: Time and date the device was first registered.
  • Last registered at: Time and date the device was last registered.
  • In data session: Whether the SIM is currently transmitting or receiving data.
  • IP address: IP address of the device.

Indicators of Compromise

The Indicators of Compromise section tracks SIM activity and displays it in charts, so you can easily view anomalous or suspicious SIM activity. The Indicators of Compromise section contains the following tabs:

Each tab includes a date filter that enables you to set a start and end date for the displayed information. Additionally, every tab includes a search bar that you can use to locate specific instances of device activity.

Data Transactions

The Data Transactions chart displays the amount of data processed over the selected period of time. The legend above the chart outlines the significance of each color, symbol, and type of line within the graph.

Beneath the chart is a table of all device activity shown in the chart. The table can contain the following column headers:

  • Destination FQDN: Fully qualified domain name of the data's destination.
  • Destination IP: IP address of the data's destination.
  • Protocol: Data transfer protocol used in each instance.
  • Port: Number of the port that received the data.
  • From Devices: Amount of data processed by the device that sent the data.
  • To Devices: Amount of data processed by the device that received the data.
  • Total Data: Total amount of processed data.

Data Volume

The Data Volume chart displays the amount of data transmitted over the selected period of time. The legend above the chart outlines the significance of each color, symbol, and type of line within the graph.

Beneath the chart is a table of all device activity shown in the chart. The table can contain the following column headers:

  • Destination FQDN: Fully qualified domain name of the data's destination.
  • Destination IP: IP address of the data's destination.
  • Protocol: Data transfer protocol used in each instance.
  • Port: Number of the port that received the data.
  • From Devices: Amount of data transmitted by the device that sent the data.
  • To Devices: Amount of data transmitted by the device that received the data.
  • Total Data: Total amount of transmitted data.

DNS Queries

The DNS Queries chart displays the amount of cellular traffic that occurred over the selected period of time. The legend above the chart outlines the significance of each color, symbol, and type of line within the graph.

Beneath the chart is a table of all device activity shown in the chart. The table can contain the following column headers:
  • Destination FQDN: Fully qualified domain name of the data's destination.
  • Destination IP: IP address of the data's destination.
  • Protocol: Data transfer protocol used in each instance.
  • Port: Number of the port that received the data.
  • Public/Private: Whether the cellular traffic was private or public.
  • Queries: Number of requests for data.
  • From Devices: Amount of cellular traffic caused by the device that sent the data.
  • To Devices: Amount of cellular traffic caused by the device that received the data.
  • Total Data: Total amount of cellular traffic.

Destination Endpoints

The Destination Endpoints chart displays the destinations of transmission activity from the selected period of time. The legend above the chart outlines the significance of each color, symbol, and type of line within the graph.

Beneath the chart is a table of all device activity shown in the chart. The table can contain the following column headers:
  • Destination FQDN: Fully qualified domain name of the data's destination.
  • Destination IP: IP address of the data's destination.
  • Protocol: Data transfer protocol used in each instance.
  • Port: Number of the port that received the data.
  • IP Flow Count: Number of Netflows observed for the destination endpoint. A Netflow is a record of IP flow traffic between a device and server, which contains communication metrics at the Source IP, Source Port, Destination IP, Destination Port, and Protocol level.
  • From Devices: Amount of data transmitted by the device that sent the data.
  • To Devices: Amount of data transmitted by the device that received the data.
  • Total Data: Total amount of transmitted data.

Exporting the Charts

In any of the tabs, click Export to export the chart data as a .csv file.

When you open .xlsx files in Microsoft Excel, long numbers like device IDs may default to a general format similar to scientific notation. To view the full ID numbers:

  1. Select the range of cells you want to view.
  2. Right-click the selected range.
  3. Click Format > Number format.

You can open a .csv file by importing it through the Microsoft Excel Data menu. To import your report file to Microsoft Excel:

  1. Open Microsoft Excel and create a blank workbook.
  2. Select Data > From Text or From Text/CSV.
  3. Locate the .csv file in your Downloads or other designated folder.
  4. Right-click the file and select Import.
  5. Follow the subsequent prompts to specify a comma-delimited file.
  6. If you see an option for Data Type Detection, select Do not detect data types.
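
An exported Destination Endpoints file can also be reviewed outside a spreadsheet. The following Python script is an added example, not part of the portal or its documentation: it reads the export with every field kept as text, so long IDs are not reformatted, and lists the destinations that warrant review. It assumes the .csv header names match the column headers listed above, that the export includes an ICCID column, and that From Devices and To Devices are integer byte counts; the sample rows and the expected-destination list are constructed.

```python
import csv
import io

# Constructed sample of a Destination Endpoints export. Header names are
# assumed to match the column headers listed above; the ICCID column and the
# byte units are assumptions, and all values are made up.
SAMPLE_EXPORT = """\
ICCID,Destination FQDN,Destination IP,Protocol,Port,IP Flow Count,From Devices,To Devices,Total Data
89999990000000000012,telemetry.example.com,192.0.2.10,TCP,8883,120,48000,9000,57000
89999990000000000012,ntp.example.net,192.0.2.53,UDP,123,24,1800,1800,3600
89999990000000000012,,203.0.113.77,TCP,23,310,950000,4000,954000
89999990000000000012,files.example.org,198.51.100.5,TCP,443,3,700,2100000,2100700
"""

# Hypothetical allowlist of (FQDN, port) pairs this device is expected to use.
EXPECTED = {("telemetry.example.com", 8883), ("ntp.example.net", 123)}


def triage(export_text, expected=EXPECTED, upload_ratio=10.0):
    """Return (row, reasons) for each exported row that needs review."""
    findings = []
    # csv.DictReader keeps every field as a string, so 20-digit IDs are not
    # rewritten in scientific notation the way a spreadsheet may do.
    for row in csv.DictReader(io.StringIO(export_text)):
        reasons = []
        fqdn = row["Destination FQDN"].strip().lower()
        port = int(row["Port"])
        sent = int(row["From Devices"])        # assumed: bytes sent by the device
        received = int(row["To Devices"])      # assumed: bytes sent to the device
        if not fqdn:
            reasons.append("no FQDN (raw IP destination)")
        if (fqdn, port) not in expected:
            reasons.append("destination not in expected list")
        if sent > upload_ratio * max(received, 1):
            reasons.append("device sent far more than it received")
        if reasons:
            findings.append((row, reasons))
    return findings


if __name__ == "__main__":
    for row, reasons in triage(SAMPLE_EXPORT):
        dest = row["Destination FQDN"] or row["Destination IP"]
        print(row["ICCID"], dest, row["Port"], "; ".join(reasons))
```

Replace SAMPLE_EXPORT with the contents of your own export and EXPECTED with the endpoints your devices are designed to reach.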
