Follow

Threat Intelligence: Monitoring / Stats

Description

Silverline will start categorizing incoming traffic as soon as the Threat Intelligence Profile has been deployed and, as a result, start to log the actions it has performed in the Silverline infrastructure. This article explains how to review the logged Threat Intelligence Profile actions in the Silverline Portal.

 

Environment

  • Silverline Portal
  • Threat Intelligence

 

Procedure

  1. In the Silverline Portal, go to Monitor & Analyze > Stats > Threat Intelligence
  2. Once the Threat Intelligence Profile has been deployed for some time (the example below shows a 3 month view), then data will become available for examination.

  • Requests by Category - number of times a host has been identified as one that matches a Threat Intelligence category, shown over time
  • Requests Category summary - number of times a host has been identified as one that matches a Threat Intelligence category, shown as the aggregate total over selected timeframe.

3. Modify timeframe: Use either one of the presets (last 24 hours, past week or past month) or specify your own time range.

4. Filters: filter the graphs by the using blue drop-downs at the top

  • Proxy
  • Threat Category
  • Profile Name
  • Action - the number of host matches that resulted in being logged rather than blocked.
  • Source IP
  • Destination IP - per proxy the number of blocked or logged host matches

 

Related Content

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request