Risk Reports

This is an overview of the Risk Report feature. For instructions on generating a Risk Report, see Generated reports. For a list of services that Illumio considers to be at risk, see Risky Services.

The Generated Reports page lets you download a PDF report summarizing the following at the account/subscription level:

  • Total count of ransomware-susceptible traffic flows

  • Total count of resources in your cloud environment affected by such flows

Before you click Download, you can toggle to include or exclude the following details from the report:

  • Top Sources/Destinations

  • Top Conversations

You can also select the time frame and whether to sort by byte count or flow count.

When generating the report, Illumio Cloud reviews your traffic against a list of services that are susceptible to ransomware attacks. It provides an executive summary. If it finds any susceptible services, it displays the following details:

  • An Onboarded Account Summary table, containing the following columns:

    • Cloud

    • Number of Accounts with Risk

    • Number of Accounts

  • An Observed Risky Activities Summary table, containing the following columns:

    • Service

    • Port

    • Protocol

    • Severity

    • Active Accounts

  • A Ransomware Risky Services Detected table for each at-risk service, with the following columns:

    • Account, tallying all accounts identified as affected by the risk

    • Flow Count, tallying all traffic flows identified as affected by the risk

    • Byte Count, tallying the volume identified as affected by the risk

    • Resource Count, tallying all resources identified as affected by the risk

  • If enabled, a Top Sources By Flow/Byte Count table for each service, with the following columns:

    • Top Sources By Flow/Byte Count, ordering all sources identified as affected by the risk

    • CSP Resource ID

    • Account

    • Flow Count, tallying all traffic flows identified as affected by the risk

    • Byte Count, tallying the volume identified as affected by the risk

    • Origin, indicating if the risk is external or internal

  • If enabled, a Top Destinations By Flow/Byte Count table for each account, with essentially the same columns as the top sources tables

  • If enabled, a Top Conversation Flow/Byte Count table for each account, with essentially the same columns as the top sources/top destinations tables

  • If Illumio Cloud does not find any of your traffic in the list of services it considers risky, it displays a Ransomware Risky Services Not Detected section, containing a table with the following details:

    • Heading row, containing the following columns:

      • Severity

      • Service

      • Port

      • Protocol
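
To make the report's columns concrete, here is an added example (not Illumio's code, and not its Risky Services list) that matches flow records against a port/protocol list, tallies the per-service counts, and ranks sources by byte or flow count. The service list, flow records, and function names are constructed for illustration; counting both endpoints of a flow as affected resources is an assumption.

```python
from collections import defaultdict

# Constructed sample list for illustration; NOT Illumio's Risky Services list.
RISKY_SERVICES = {(3389, "TCP"): "RDP", (445, "TCP"): "SMB"}

# Constructed flow records: (account, source ID, destination ID, port, protocol, bytes)
SAMPLE_FLOWS = [
    ("acct-a", "vm-1", "vm-2", 3389, "TCP", 1200),
    ("acct-a", "vm-1", "vm-3", 3389, "TCP", 300),
    ("acct-b", "vm-4", "vm-5", 445, "TCP", 5000),
    ("acct-a", "vm-3", "vm-2", 3389, "TCP", 4000),
    ("acct-b", "vm-4", "vm-6", 443, "TCP", 9000),  # not on the list, so ignored
]

def summarize(flows, risky=RISKY_SERVICES):
    """Per service: account, flow, byte and resource tallies."""
    acc = defaultdict(lambda: {"accounts": set(), "flows": 0, "bytes": 0, "resources": set()})
    for account, src, dst, port, proto, nbytes in flows:
        service = risky.get((port, proto.upper()))
        if service is None:
            continue
        row = acc[service]
        row["accounts"].add(account)
        row["flows"] += 1
        row["bytes"] += nbytes
        row["resources"].update((src, dst))  # assumption: both endpoints count
    return {s: {"accounts": len(r["accounts"]), "flow_count": r["flows"],
                "byte_count": r["bytes"], "resource_count": len(r["resources"])}
            for s, r in acc.items()}

def top_sources(flows, service, sort_by="bytes", limit=10, risky=RISKY_SERVICES):
    """Rank the sources of one service by 'bytes' or 'flows', highest first."""
    if sort_by not in ("bytes", "flows"):
        raise ValueError("sort_by must be 'bytes' or 'flows'")
    totals = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for account, src, dst, port, proto, nbytes in flows:
        if risky.get((port, proto.upper())) != service:
            continue
        totals[(src, account)]["flows"] += 1
        totals[(src, account)]["bytes"] += nbytes
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][sort_by], kv[0]))
    return [(src, account, t["flows"], t["bytes"]) for (src, account), t in ranked[:limit]]
```

On the sample data, sorting by bytes and sorting by flows put different sources first, which is why the sort choice matters when reading the Top Sources tables.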