Watchguard Cloud bandwidth usage reporting
I'm in the process of investigating multiple Windows 10 hosts that are using excessive bandwidth sporadically. From what I've gathered so far, OfficeClickToRun.exe, while using excessive CPU, is also occasionally downloading ridiculous amounts of data for no apparent reason. Like 650 Mbps for 10-15 minutes straight. So far I've manually observed it happening while viewing Bandwidth meter in FSM. Combining that with HostWatch, I can see which machine is the culprit, but I have to do it in real time.
I've been logging data to Watchguard Cloud with the hope of being able to pull reports that will quickly show which hosts are problematic and a which times to try to see if there is any pattern.
Today for example, I know one machine was exhibiting this behavior between 9-9:30am. When I look at at Health > Interface Summary in WG Cloud for that time frame, it shows a graph that matches what I observed - about 64GB downloaded at 9:15.
However, any other report that I run to narrow down which hosts are responsible for all of the bandwidth usage, the results don't jive. In this case I know the host responsible for that 64 GB download is 192.168.12.116. But when I view Traffic > Top Clients set to filter on Hosts/Sent and Received/By Bandwidth, 192.168.12.116 is 8th on list and only shows 63.73 MB received.
And even the top entry shows only 4171 MB received. The total of everything on this report is 6833 MB received, a far cry from the 64 GB reported on the Interface Summary.
Any other host-centric reports show similar results where only a fraction of what was actually consumed is reported. Any ideas why that would be?