Network analysts and other users often have reason to examine network activity associated with individual computing devices or with a relatively small number of networked computing devices connected to a larger network. This information can be useful, for example, to diagnose network performance issues, to investigate potential network security issues, and for other purposes. For example, a network analyst might use a security information and event management (SIEM) application to capture network traffic information and to view information about security alerts and other information related to individual devices on a network.
While information about the activity of one or a small number of networked computing devices can be useful, the ability to obtain a “10,000-foot view” of network activity involving a large number of networked devices can be also useful in many situations. For example, a network analyst examining a corporate network for the first time might desire high-level information related to the activity of devices spread across the entire corporate network. This high-level information of interest might include, for example, information related to other internal and external devices with which the devices of the corporate network are communicating.