Powered by Zoomin Software. For more details please contactZoomin

Flowmon ADS User Guide

Table of Contents

Context Menu

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 4 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

The context menu is a way to quickly control the application. The context menu brings together all the actions that can be performed with the respective user interface element.

Context menu for an IP address

One of the most frequently used context menus is the IP address menu. It can be activated by clicking the arrow that appears after hovering over the IP address (in the Events section). It includes the following items:

IP address context menu
IP address context menu

Copy to clipboard

Copies the content of the element (in this case it is an IP address) to the clipboard.

General information

Information about the translation of IP address to the DNS name, obtaining the Application information (application name, platform, category, homepage, and description), the WHOIS information, and displaying custom information about the IP address (if specified – see Configuring filters). The data is displayed in a moving window.

Browse IDS Events

IDS events browser. For further information, refer to the IDS Browser section.

Add to filter

It is possible to add the IP address to the existing filter. This action opens a modal window where you can choose the filter where the IP address should be added. The corresponding domain name for the IP address is inserted as a note (if present).

Show filters for this IP

Shows a list of all defined filters that contain the IP address that activated the context menu.

This view is available in the Events page. If you click Related events from the context menu, a tab is created in the Analysis page showing events using the By host view.

Aggregated events

View of aggregated events on a timeline associated with the IP address. When you click this option you are brought to the Events → Aggregated view.

IP Tools

Common diagnostic IP tools that include:

  • Ping: Checks availability of the selected IP addresses.

  • Traceroute: Computer network tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network.

  • LDAP: Displays information about the selected IP address obtained from the LDAP database (its configuration in the ADS module is described in the Querying LDAP Settings section).

  • Information from ePO: Displays information about the selected IP address obtained from the McAfee ePolicy Orchestrator database (its configuration in the ADS module is described in the ePolicy Orchestrator Connection Settings section).

External IP queries

Allows you to display additional information about IP addresses using the user-defined external internet services (their definition is described in the External Queries section).

External hostname services

Similar to the previous option, this displays additional information about hostnames using the user-defined external internet services (their definition is also described in the External queries section).

Event context menu

Another useful menu is the context menu for an event. It can be activated by clicking the three dots icon at the end of a row with an event. It consists of the following items:

Event detail

Shows event-related information (categorization, notes).

Event evidence

Detailed view of events including all data flows from which the event has been generated (see the Event evidence chapter).

Manage event categories

Classification of events as per user-defined categories.

Add new comment

Opens a dialog window that allows you to add new comment to the event.

Shows IDS events related to source or target IP addresses.

Visualize event

A view of the events through an interactive chart based on the flow data caused by the event.

Mark as false positive

Marks the event as false alarm. The event will no longer be reported. For further information see the False Positives section.

Report as false positive

It is possible to send an email about a false positive event to the Flowmon Networks company. The email would consist of event details data, flow entries that are related to the event, application model and version and of the customer's name. The data is used to improve detection methods. The data is processed in accordance with the law on personal data protection. We recommend you add a comment describing what is wrong with the detected event.

Context menu of an event type

The next menu is the context menu for an event type. It can be activated by clicking the arrow icon next to the name of an event type. You can find it, for example, in the Events Simple list section. It consists of the following items:

Context menu of an event type
Context menu of an event type

Display events of this type

Display a view showing all events of the same type using the Simple list view.

Other types of the context menus

There are other context menus available for the specific parts of the GUI. There are also context menus for the MAC addresses and for the graph in the Analysis section. Both of them offer options that are mostly covered in the previous sections.

TitleResults for “How to create a CRG?”Also Available inAlert