Label Insights
Note
The ability to see VEN flows in Label Insights is available only for select tenants.
Label Insights delivers unified network traffic visibility across (a) private data center workloads protected by Illumio VEN agents, and (b) public cloud workloads managed by Illumio’s Cloud product. By combining flows from VEN‐monitored on‐premises assets with cloud‐native flows, security teams gain a consistent, label‐driven view of hybrid environments.
Page-level filters allow you to filter data for all of the widgets in the dashboard and the Traffic Table by time-frame, traffic status (Allowed, Denied), and traffic inbound or outbound to the label of interest.
Label Insights Widgets present a summary of traffic data:
Tip
You can click labels in Insights widgets to reveal granular information in the Traffic Table.
The Risky Services Traffic widget reveals high-risk port and protocol combinations by label type.
Examine Malicious IP Traffic to reveal traffic grouped by label type interacting with known malicious IPs. Hover over an IP to see more details for deeper investigation.
View Cross-Label Traffic, checking on destination and sources, and detect traffic traversing distinct label boundaries.
The Traffic by Country widget lets you examine geolocation-based label values by country.
The Traffic Table displays rich detail about the information summarized in the widgets. By default, the table displays details about all of the traffic data in all of the widgets. To focus the table on only a single label, click the label in the widget. The table updates to provide granular information about the label. To return the table to its default, click Remove All.
Label Insights Prerequisite: EDC Required
To show byte information for VEN flows in the Bytes column, you first need to enable Enhanced Data Collection (EDC). See Enhanced Data Collection in the Security Policy Guide.
Important
When Enhanced Data Collection is enabled, CPU and RAM usage increases marginally on the machine hosting the VEN.