I mean, it’s pretty and all, but that doesn’t mean it conveys any meaningful information. It’s interesting to know that some domain is the most contacted domain, but not particularly useful, especially since I can’t really sort that way in the table.
The goal here is to find the most suspicious entries? Certainly, those wont be the most contacted domainnames.
I’m also not a fan of the old top 6 whatever in a circle.
I don’t know how hard this would be, but having a table of the top, say 10, for each of the Client and Hostname and maybe Port, then when you click on the table, it expands to list more of the items with possible breakouts.
Sorting by Hostname should sort like this:
apple.com
a.apple.com
b.apple.com
c.apple.com
a.c.apple.com
I’ve actually sorted by Hostname and it’s really not sorted at all as far as I can tell.