Getting Started with Illumio Insights

Resource Traffic

Quickly identify and investigate traffic for a single resource to uncover hidden risks, malicious connections, or data exfiltration using the Resource Traffic dashboard.

  • Use the Resource Traffic Map to access the resource's metadata, see the resources connected to it, and see in real time what it's directly interacting with.

  • Use other investigation widgets to identify if the traffic has been engaging with malicious IPs, attempting external data transfers, or using potentially risky protocols.

  • If you notice that specific workloads in your environment have been compromised, use these insights to dig deeper and take quick action to contain the malicious activity.

  • To stop a resource from freely transmitting data while you investigate, click Quarantine to apply pre-made enforcement policies.

Resource Summary

Gain general insights into the selected resource such as the cloud and region to which the resource belongs, its resource state, its labels, and other details.

Resource Traffic Map

  • Visualize your selected resource and understand the traffic flows between it and other resources.

  • Hover or click on a resource or flow to see details.

  • Click the lines connecting the different resources on the map to view traffic. Green indicates allowed traffic, orange indicates a mix of allowed and denied traffic, and red indicates denied traffic.

Risky Traffic by Roles

See which roles exchange traffic that Illumio deems to be risky. A blue diamond mark highlights the selected resource. The source roles are on the left and the destination roles are on the right.

Malicious IP Traffic

See the malicious IPs communicating with your internal resources. Hover over a malicious IP line in the chart.

Risky Services Traffic

View the services that Illumio categorizes as risky in the selected resource's traffic. Use these insights to investigate any risky traffic you should monitor.

External Data Transfer

Discover potential data exfiltration. Look for large-volume data transfers and large increases in traffic, even if the overall volume is moderate. View the Now and Previous flow and byte count deltas to spot traffic increases.

NOTE: Switching between flows and bytes may change your displayed results. Suppose a resource with denied traffic has a large number of flows but zero bytes. In this case, switching the displayed results from flows to bytes would remove the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.
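The following is an added example, not Illumio code or an Illumio export format: it reproduces the effect described in the note and the Now/Previous delta check on constructed flow summaries. The record layout, resource names, and the `min_ratio` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample data; the layout is an assumption, not an Illumio export format.
# (resource, window, flows, bytes)
SAMPLE = [
    ("db-01", "previous", 120, 4_000_000),
    ("db-01", "now", 130, 4_200_000),
    ("web-02", "previous", 40, 200_000),
    ("web-02", "now", 45, 3_000_000),   # moderate volume, large increase
    ("scan-03", "previous", 10, 0),
    ("scan-03", "now", 900, 0),         # denied traffic: many flows, zero bytes
    ("app-04", "previous", 60, 900_000),
    ("app-04", "now", 65, 950_000),
]

def summarize(records):
    """Aggregate flows and bytes per resource for each time window."""
    summary = defaultdict(
        lambda: {w: {"flows": 0, "bytes": 0} for w in ("now", "previous")})
    for resource, window, flows, nbytes in records:
        summary[resource][window]["flows"] += flows
        summary[resource][window]["bytes"] += nbytes
    return dict(summary)

def top_n(summary, metric, n=10):
    """Rank resources by the current-window value of metric ('flows' or 'bytes')."""
    return sorted(summary, key=lambda r: (-summary[r]["now"][metric], r))[:n]

def delta(summary, resource, metric):
    """Return (now - previous, growth ratio); ratio is inf if previous is 0 and now > 0."""
    now = summary[resource]["now"][metric]
    prev = summary[resource]["previous"][metric]
    if prev == 0:
        return now - prev, (float("inf") if now > 0 else 0.0)
    return now - prev, now / prev

def flag_increases(summary, metric, min_ratio=5.0):
    """Resources whose metric grew by at least min_ratio, whatever the absolute volume."""
    return sorted(r for r in summary if delta(summary, r, metric)[1] >= min_ratio)

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print("Top 2 by flows:", top_n(s, "flows", 2))
    print("Top 2 by bytes:", top_n(s, "bytes", 2))
    print("Byte increases:", flag_increases(s, "bytes"))
    print("Flow increases:", flag_increases(s, "flows"))
```

Ranking by flows surfaces the zero-byte denied-traffic resource, while ranking by bytes replaces it with the resource whose byte count jumped, so checking both views avoids missing either signal.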

View flow, IP, and resource details using slide-outs

Slide-outs provide additional information about specific flows, IP addresses, and resources. Click each to launch a slide-out and view additional details.