The "Unique Hosts Connecting to Countries Map" is a visualization tool designed to provide a geographical overview of network connections. Its primary purpose is to help an administrator visualize the global scope of their network's communication by plotting traffic flows between internal hosts and various countries on a world map. This provides immediate situational awareness of where data is being sent and received, helping to identify normal business patterns versus anomalous or unexpected international connections that may warrant further investigation. The map itself is focused on displaying communication, not inherently on threat analysis.

A. The map shows connections, not whether a country is a known source of malware. This requires correlation with external threat intelligence feeds.

C. The map visualizes connection endpoints based on geolocation data; it does not inherently inspect the packet content to identify threats within the connection.

D. It displays all connections to and from different countries, not just those that have been confirmed as malicious intrusions.

---

1. Palo Alto Networks. (2021). PAN-OS® Administrator’s Guide Version 10.1. In the "Application Command Center" (ACC) section

the "Traffic Map" widget is described as a tool to "display the source and destination countries of the traffic on a world map

" which serves to visualize network traffic patterns. This distinguishes it from the "Threat Map

" which specifically visualizes threats. (Reference: Chapter on "ACC" -> "ACC Widgets").

2. Splunk Inc. (2022). Splunk Enterprise Security User Manual. The "Security Posture" dashboard includes panels like "Traffic by Country

" which are used to "summarize the geographic location of traffic on your network." The function is to provide a high-level

visual summary of traffic origins and destinations

not to perform intrinsic threat identification. (Reference: Section on "Security Posture Dashboard Panels").

3. Conti

G.

& Abdullah

K. (2004). Passive Visual Fingerprinting of Network Attack Tools. Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security. This academic paper discusses the use of visualization for security analysis

establishing that tools like geographical maps provide a high-level view to help analysts "orient themselves" to network activity

which is a precursor to

but distinct from

specific threat identification. (DOI: https://doi.org/10.1145/1029208.1029218

Section 2: Related Work).