Currently, the graphing capability for rules within the Monitoring section is severely hampered by the fact that you can't select SourceMachine or Destination machine as plot points. So for example, if I have a rule that has Network Audit Alert.Sourceport or .DestinationPort set to 21, I can't product a graph that shows me all of the systems doing those transactions for the time period of the graph. This makes it extremely hard to whittle down traffic that shouldn't be there. The same holds true in nDepth graphs; SourceMachine and DestinationMachine are not options for graphing.
Please include the SourceMachine and DestinationMachine fields as plot points for graphing.