Network Map
The Network Map provides an interactive topology visualization of your workspace's networks and assets. It renders networks as grouping nodes and assets as individual nodes, with visual indicators for vulnerability counts, asset types, and connectivity. Use it to understand your attack surface at a glance, identify high-risk hosts, and navigate to asset details.
How It Works
The Network Map fetches your workspace's networks and their associated assets, then renders them as an interactive graph using the Cytoscape.js library. Networks appear as container nodes that can be expanded to reveal their assets. Assets are displayed with icons representing their device type (server, router, firewall, etc.) and color-coded badges indicating their vulnerability count and severity.
The graph updates dynamically as you expand and collapse networks, apply filters, or refresh the data.
Network Grouping and Hierarchy
The map organizes your infrastructure in a two-level hierarchy:
- Network Nodes -- Each network in your workspace appears as a collapsible group node showing the network name and CIDR range.
- Asset Nodes -- When a network is expanded, its assets appear as individual nodes within the group.
Click a network node to expand it and reveal its assets. Click again to collapse it. You can expand multiple networks simultaneously to compare assets across different segments.
Asset Nodes
Each asset node displays:
- Device Type Icon -- A visual icon matching the asset's type (server, router, firewall, switch, wireless access point, modem, desktop/laptop, printer, camera, smart TV, cell phone, VoIP phone, IoT device, or unknown).
- Label -- The asset's hostname or IP address.
- Vulnerability Badge -- A count overlay showing the number of vulnerabilities associated with the asset, color-coded by the highest severity.
MAC Address Links
When assets share a MAC address vendor prefix or have other MAC-based relationships, the map draws link edges between them. This helps visualize potential layer-2 connectivity and identify assets that may be on the same physical network segment.
Interactive Controls
The Network Map toolbar provides the following controls:
| Control | Action |
|---|---|
| Zoom In | Increase the zoom level to focus on a specific area. |
| Zoom Out | Decrease the zoom level to see more of the map. |
| Fit | Automatically zoom and pan to fit all visible nodes in the viewport. |
| Reset | Reset the graph layout to its default positions. |
| Refresh | Re-fetch network and asset data from the server. |
| Toggle Sidebar | Show or hide the filter sidebar. |
| Fullscreen | Toggle fullscreen mode for the map view. |
| Export PNG | Download the current map view as a PNG image. |
| Export Draw.io | Export the map as a Draw.io (diagrams.net) XML file for further editing. |
You can also click and drag to pan around the map, and use your scroll wheel to zoom.
Filtering
The filter sidebar allows you to narrow the map to specific asset types or tags:
Asset Type Filter
Toggle visibility of assets by their device type. The available types include:
- Server, Router, Firewall, Switch
- Wireless Access Point, Modem
- Desktop/Laptop, Printer
- Camera, Smart TV, Cell Phone, VoIP Phone
- IoT, Unknown, Other
Deselecting an asset type hides all assets of that type from the map while keeping other assets visible.
Tag Filter
If your assets have tags, you can filter the map to show only assets with specific tags selected.
Clicking Assets for Details
Click an asset node on the map to open the Asset Detail Panel. This side panel shows key information about the selected asset without navigating away from the map:
- IP address and hostname
- Operating system and version
- Device type and associated network
- Vulnerability summary
From the detail panel, you can navigate to the asset's full detail page for complete information.
Using the Map for Security Assessment
The Network Map is useful throughout the security assessment lifecycle:
- Pre-scan planning -- Visualize which networks are in scope and identify segments that need scanning.
- Post-scan review -- After running WingSpan scans, see newly discovered assets in context and identify which hosts have the most open ports or vulnerabilities.
- Attack surface analysis -- Quickly identify high-value targets by looking for assets with high vulnerability counts. The severity-colored badges make critical and high-severity concentrations immediately visible.
- Lateral movement assessment -- Use MAC address links and network grouping to understand potential lateral movement paths between segments.
- Reporting -- Export the map as a PNG to include as a visual in your security assessment reports, or export as Draw.io for customized network diagrams.
Expand only the networks you are currently analyzing. Keeping other networks collapsed reduces visual clutter and improves graph performance on large workspaces.
Use the Export Draw.io feature to create editable network diagrams. You can import the exported XML into diagrams.net (Draw.io) and customize it with additional annotations, styling, and layout adjustments for client presentations.
The Network Map loads asset data on demand as you expand networks. For workspaces with many networks, this keeps the initial load fast. Data is cached for 5 minutes before re-fetching.