Skip to main content

Getting Started with Illumio Insights

  • Getting Started with Illumio Insights
  • Malicious IP Threats

Malicious IP Threats

Use these insights to access information about any malicious IPs in your environment and look for inbound and outbound traffic flows associated with them.

  • Top Malicious IPs

    View the top malicious IPs communicating with your internal resources. Hover over its protocol listing to see copy its protocols and ports to the clipboard.

  • Global Threat Map

    View the country from where these malicious IPs are originating. Hover over a location to see Now and Previous traffic (number of flows and bytes), in addition to risk scores. Click the Expand to full screen icon to better visualize smaller locations.

  • Top Subscriptions or Tenants with Malicious IP Flows: View your top subscriptions or tenants communicating with malicious IPs. Group your results by subscription or tenant.

  • Top Roles Communicating with Malicious IPs

    View the role labels (LDAP, NFS, and more) associated with your internal resources that are sending or receiving the most traffic with malicious destination IPs. Hover on a role to see its flow numbers, byte counts, and deltas.

  • Top Services used in Malicious IP Communication

    View the top services that your internal resources use to communicate with malicious IPs. See a malicious IPs number of flows and its byte counts to see if there is an unusual increase in traffic.

  • Traffic Query Results

    Filter traffic results by source IP, source zone, port, protocol, and much more. Filter the Source Zone column to see all of your Azure sources in one place.

NOTE: Switching between flows and bytes may change your displayed results. Suppose a resource with denied traffic has a large number of flows but zero bytes. In this case, switching the displayed results from flows to bytes would remove the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.

View flow, IP, and resource details using slide-outs

Slide-outs provide additional information about specific flows, IP addresses, and resources. Click each to launch a slide-out and view additional details.