Insights Reports from Network Events

This page provides a step-by-step guide to generating insights reports from your network events.

Overview

The Insights Report gives admins an in-depth view of the status and activity of your Resources and network connections. The report helps you to identify high-traffic Resources and critical issues, such as connectivity errors and potential misconfigurations, allowing you to make informed decisions about troubleshooting, Resource management, and performance optimization.

In practice, admins can use the report to achieve goals that include identifying:

all services connected to by end users (endpoints, ports and protocols) for the purpose of getting closer to a true Zero Trust permission model
overly broad Resource definitions by listing all domain names or IP addresses associated with each Resource
under- or over-provisioned Remote Networks for controlling costs and optimizing performance
Identify unused Resources that should be removed for security reasons
Identify end users with the most errors for user experience optimization
Identify Resources with high error ratios for environment optimization

The notebook provided below can be customized, many of the functions in it can be combined so as to produce additional insights.

If there are insights you feel are missing from this report, we’d love to hear from you. Please share your feedback on our subreddit

Prerequisites

You will need to run a Jupyter Notebook (Python) on a system with enough RAM to process the content of a Network Events Export

If you wish to customize the structure or content of the report, you will need to be familiar with Python and dataframes.

How to generate the Insights Report

Extract a report from Admin Console and download it locally: Network Events Export
Install Python 3 and Jupyter Notebook
Pull the existing Jupyter Notebook from our repository
Configure the second code cell to reference the full path to the report downloaded from the Admin Console and the xlsx report to create
Run all cells in the notebook in sequence

What the Insights Report covers

The Insights Report contains several tabs, each tab covers specific content as described below.

Tab Name	Description	Insights Gained
Full Resource List	Provides a comprehensive view of all addresses effectively connected to. (including total connections, errors, failure rate, TX/RX traffic, ports, and protocols used.)	- Identify the most active resources - Pinpoint resources causing the most errors for end users - Find resources that may no longer be required - Highlight high-traffic resources - Identify services accessed on specific ports/protocols - Detect addresses served by more than one resource or remote network
Resource Matching List	Maps resource definitions (FQDN or IP) to their corresponding connected IP addresses.	- Identify unnecessary broad access by showing which IPs or addresses are connected to broad resource definitions - Pinpoint specific IPs or addresses that need access - Track how changes to resource definitions affect connections, ensuring that critical access remains intact
User Activity Details	Reports per-user connection activity, including total connections, errors, and TX/RX traffic.	- Identify the busiest users by connection volume - Pinpoint users with high bandwidth usage - Detect users experiencing the most errors
User IP Details	Provides a list of all public IPs each user connects from.	- Track where end users are connecting from - Measure the diversity of networks end users are connecting from
General Error Report	Lists all Resources with at least one connection or DNS error.	- Identify frequently unreachable Resources, and pinpoint problematic connections affecting user experience
Connection Errors	Details all addresses with at least one connection error and the number of occurrences.	- Find intermittently unavailable Resources, and diagnose failure points in network paths
DNS Errors	Lists all addresses experiencing DNS resolution failures.	- Identify Resources with DNS resolution issues - Help pinpoint resources that are intermittently unresolvable by Connectors
Connector Activities	Provides per-Connector details, including the associated Remote Network, number of connections (total, successful, errored), and DNS errors.	- Identify trends or seasonality in Connector activity - Evaluate changes in Connector load and error rates over time
*Connector Name*	(one tab per existing Connector) Tracks Connector activity trends over time, broken down by day.	- Identify seasonal or time-based trends in Connector load, and predict future capacity needs based on historical activity

Last updated 12 days ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

Encryption in Twingate

API

Getting Started with the API

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Usage-based Auto-lock

Ephemeral Access

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Network Overview

Audit Logs

Network Traffic

User Activity

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating