
Getting Started with Illumio Insights

Resource Traffic

The Resource Traffic dashboard allows you to examine a single resource in detail. You can access all related metadata, resources connected to it, and see in real time what it’s directly interacting with—visualized through the Resource Traffic Map. Other widgets on this page help you identify if it has been engaging with malicious IPs, attempting external data transfers, or using potentially risky protocols.

If you notice that specific workloads in your environment have been compromised, use these insights to dig deeper and take quick action to contain the malicious activity.

If you want to stop a resource from freely transmitting data while you investigate, click Quarantine to apply pre-made enforcement policies. Click Restore to undo the quarantine. Quarantining a resource blocks all outbound traffic while still allowing critical services (DNS and PCE connectivity) and SSH access for your incident responders.

  • Resource Summary

    Gain general insights into the selected resource, such as the cloud and region to which the resource belongs, its resource state, its labels, and other details.

  • Resource Traffic Map

    See hybrid traffic between private data center servers and cloud resources. Select a resource of interest and understand the traffic flows between it and other resources. Hover or click on a resource to see details. Green lines indicate allowed traffic, orange indicates unenforced denied traffic, and red indicates denied traffic.

  • Risky Traffic by Roles

    See which roles exchange traffic that Illumio deems to be risky. A blue diamond mark highlights the selected resource. The source roles are on the left and the destination roles are on the right.

  • Malicious IP Traffic

    See the malicious IPs communicating with your internal resources. For more information, hover over a malicious IP line in the chart.

  • Risky Services Traffic

    View the services in the selected resource's traffic that Illumio categorizes as risky. Use these insights to identify risky traffic that you should investigate and monitor.

  • External Data Transfer

    Discover potential data exfiltration. Look for large volume data transfers and large increases in traffic, even if the overall volume is moderate. View the Now and Previous flow and byte count deltas to spot traffic increases.

Switching between flows and bytes may change your displayed results. For example, if a resource with denied traffic has a large number of flows but zero bytes, switching the displayed results from flows to bytes removes the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.
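The ranking change described above, and the use of Now and Previous deltas to catch a sharp increase at moderate volume, can be reproduced offline. This is an added example, not Illumio code or an Illumio API; the record fields, resource names, thresholds and sample values are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Transfer:
    # Hypothetical per-resource record: counts for the current ("Now")
    # and preceding ("Previous") time windows.
    resource: str
    now_flows: int
    now_bytes: int
    prev_flows: int
    prev_bytes: int

# Constructed sample data, not real dashboard output.
SAMPLE = [
    Transfer("db-backup-01", 120, 9_000_000_000, 110, 8_500_000_000),
    Transfer("web-frontend", 4_000, 600_000_000, 3_900, 580_000_000),
    Transfer("hr-fileshare", 40, 450_000_000, 35, 30_000_000),
    Transfer("scanner-denied", 25_000, 0, 200, 0),  # denied: many flows, zero bytes
    Transfer("build-agent", 300, 50_000_000, 280, 48_000_000),
]

def top_n(transfers, metric, n=2):
    """Rank resources by the current-window value of 'flows' or 'bytes'."""
    key = {"flows": lambda t: t.now_flows, "bytes": lambda t: t.now_bytes}[metric]
    return [t.resource for t in sorted(transfers, key=key, reverse=True)[:n]]

def growth(now, prev):
    """Relative increase from Previous to Now; inf when traffic appears from zero."""
    if prev == 0:
        return float("inf") if now > 0 else 0.0
    return (now - prev) / prev

def flag_increases(transfers, min_growth=2.0, min_bytes=1_000_000):
    """Resources whose byte count grew by at least min_growth (2.0 = +200%),
    ignoring volumes below min_bytes, whatever their rank by total volume."""
    return [t.resource for t in transfers
            if t.now_bytes >= min_bytes
            and growth(t.now_bytes, t.prev_bytes) >= min_growth]

if __name__ == "__main__":
    print("Top 2 by flows:", top_n(SAMPLE, "flows"))
    print("Top 2 by bytes:", top_n(SAMPLE, "bytes"))
    print("Large byte increases:", flag_increases(SAMPLE))
```

In this sample the denied resource leads the list by flows but drops out when ranked by bytes, while the file share never reaches the top by volume yet is the only resource flagged by its delta.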

View flow, IP, and resource details using slide-outs

Slide-outs provide additional information about specific flows, IP addresses, and resources. Click each to launch a slide-out and view additional details.