Home
Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
Administrator Guide
Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
Administration
Organization Settings
Upload Traces
The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.

Vantage
Learn how Vantage uses the power and simplicity of SaaS to deliver unmatched security and visibility across your OT, IoT and IT networks.
- Introduction
  An overview of Vantage.
- Administrator Guide
  Information about the Administration section of Vantage, and the tasks that you can do in this part of the software.
  - Administration
    - Administration page
      The administration page lets a user with administrator privileges configure settings and do other tasks.
    - System
    - Teams
    - Organization Settings
      - Updates
        The Updates page gives you access to configuration tabs for update policies and to schedule updates.
      - Features
        The Features page lets you configure Vantage to show, or hide, experimental and preview features for the selected organization.
      - Sensors Synchronization Settings
        The Settings Synchronization Settings (Sync) page shows the settings that this sensor inherits from its organization.
      - Tags
        The Tags page lets you assign tags to assets for access management purposes. This lets you constrain role assignments into a specific tag.
      - Zone Configurations
        The Zone Configurations page shows all the zone configurations in your organization, and lets you add new ones.
      - Imports
        The Imports page lets you see the list of imported hardware configuration, or project files, from which asset information is extracted.
      - Asset Rules
        The Asset Rules page shows all the asset rules in your organization, and lets you add new ones.
      - Security Control Panel
        The Security Control Panel allows administrators to configure security settings across the organization.
      - Custom Fields
        The Custom Fields page lets you enrich the schema of assets and nodes, and propagate the information to every sensor.
      - Alert Close Options
        The Alert Close Options page lets you define custom explanations for closing an alert.
      - Alert Playbooks
        The Alert Playbooks page lets you define templates to follow to manage alerts. An alert playbook defines custom content that instructs alert operators, and other users, how to manage various types of alerts. Playbooks are associated with alerts that match criteria specified in an alert rule. When a matching alert is raised, the playbook's content is included on the new alert's Details page. You and your team can update this content to record progress and take notes particular to this alert.
      - Alert Rules
        The Alert Rules page shows all the alert rules that you have defined, and lets you add new ones.
      - Contents Management
        Use the Contents Management page to view, create, and manage detection content across the organization. Tabs organize content types such as packet rules, Yara rules, and Sigma rules. This interface helps streamline the application of threat detection logic in Vantage.
      - Integrations
        The Integrations page lets you use one of the available applications to connect an organization with a third-party application.
      - Traffic Replays
        The Traffic Relays page lets you load demonstration data into your environment so that you can test various features and explore Vantage. Nozomi Networks provides several traffic replays, which demonstrate different scenarios, such as an OT-focused Power Station attack.
      - CLI
        The CLI page lets you select sensors and use the text field to enter a command to execute. Vantage shows the output of sensors in the web UI.
      - Migration tasks
        The Migration tasks page lets you update your Vantage instance and downstream sensors to adapt to changes in new versions of N2OS.
      - Audit Logs
        The Audit Logs page shows detailed operational information about your sensors and the activities that they monitor.
      - Backup Schedules
        The Backup Schedules page lets you manage, view, add, edit, and delete backup schedules.
      - Upload Traces
        The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.
  - Migration
  - SAML integration
- User Guide
  Information about the main features of Vantage and the tasks that you can do from the user interface (UI).
- Print format documentation
  A list of all the print-format documentation that is available for Vantage.

Upload Traces

The Upload Traces page lets you upload a trace, or packet capture (pcap) file, that is related to the active organization.

Upload Traces page — Figure 1. Upload Traces page

When a packet capture (pcap) is played for the first time, a Play Context is created automatically. This consists of a:

Site
Network domain
Virtual sensor

When other pcaps are played, they play over the same Play Context until the sensor, or the site, is deleted. In that case, a new context will be generated when playing a file.

The sensor is named Trace Sensor XXX where XXX is a randomized value. This is placed in the sensor list like the others. There is no separation of pcap data versus production data.

For each organization, there can be only be one Trace Sensor. We suggest that you create a separate organization to avoid mixing pcap data with production data.

The Trace Sensor is a real Guardian running in the cloud. Therefore, it goes through the standard synchronization process. For this reason, data will only show in the user interface (UI) after a few seconds.

Use trace timestamp

Select this to keep the original timestamps from the trace logs. This will ensure accurate event timing during analysis.

Replay speed

This dropdown lets you select the playback speed of the trace.

Replay speed dropdown — Figure 2. Replay speed dropdown

Auto play trace after upload

This lets you choose whether or not the trace will automatically play after it has been uploaded. If it is not selected, you have to manually select the icon to the left of the file that you've just uploaded. Alternatively, you can select multiple files to play and select the Play Traces option.

Security Profile

This shows the security level applied to the trace upload.

Columns

The Columns button lets you select which of the available columns for the current page will show.

Refresh

The Refresh icon lets you immediately refresh the current view.

Live

The Live toggle lets you change live view on, or off. When live mode is on, the page will refresh periodically.