Description
Silverline will start categorizing incoming traffic as soon as the Threat Intelligence Profile has been deployed and, as a result, start to log the actions it has performed in the Silverline infrastructure. This article explains how to review the logged Threat Intelligence Profile actions in the Silverline Portal.
Environment
- Silverline Portal
- Threat Intelligence
Procedure
- In the Silverline Portal, go to Monitor & Analyze > Stats > Threat Intelligence
- Once the Threat Intelligence Profile has been deployed for some time (the example below shows a 3 month view), then data will become available for examination.
- Requests by Category - number of times a host has been identified as one that matches a Threat Intelligence category, shown over time
- Requests Category summary - number of times a host has been identified as one that matches a Threat Intelligence category, shown as the aggregate total over selected timeframe.
3. Modify timeframe: Use either one of the presets (last 24 hours, past week or past month) or specify your own time range.
4. Filters: filter the graphs by the using blue drop-downs at the top
- Proxy
- Threat Category
- Profile Name
- Action - the number of host matches that resulted in being logged rather than blocked.
- Source IP
- Destination IP - per proxy the number of blocked or logged host matches
Related Content
- Threat Intelligence: Overview - includes Threat Category descriptions
- Threat Intelligence: Configuration