Getting Started with Illumio Insights

Resource Traffic

If you notice that specific workloads in your environment have been compromised, use these insights to dig deeper and take quick action to contain the malicious activity.

If you want to stop a resource from freely transmitting data while you investigate, click Quarantine to apply pre-made enforcement policies. Click Restore to undo the quarantine. Quarantining a resource blocks all outbound traffic while still allowing critical services (DNS and PCE connectivity) and letting your incident responders access the resource over SSH.

  • Resource Summary:

    Gain general insights into the selected resource, such as the cloud and region to which the resource belongs, its resource state, its labels, and other details.

  • Resource Traffic Map:

    Visualize your selected resource and understand the traffic flows between it and other resources. Hover or click on a resource or flow to see details. Click the lines connecting the different resources on the map to view traffic. Green indicates allowed traffic, orange indicates a mix of allowed and denied traffic, and red indicates denied traffic.

  • Risky Traffic by Roles:

    See which roles exchange traffic that Illumio deems to be risky. A blue diamond mark highlights the selected resource. The source roles are on the left and the destination roles are on the right.

  • Malicious IP Traffic:

    See the malicious IPs communicating with your internal resources. For more information, hover over a malicious IP line in the chart.

  • Risky Services Traffic:

    View the services that Illumio categorizes as risky in the selected resource's traffic. Use these insights to investigate any risky traffic you should monitor.

  • External Data Transfer:

    Discover potential data exfiltration. Look for large-volume data transfers and large increases in traffic, even if the overall volume is moderate. View the Now and Previous flow and byte count deltas to spot traffic increases.

NOTE: Switching between flows and bytes may change your displayed results. Suppose a resource with denied traffic has a large number of flows but zero bytes. In this case, switching the displayed results from flows to bytes would remove the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.
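The two points above, a Now-versus-Previous delta check for exfiltration and the way a Top 10 list changes when you switch from flows to bytes, are easy to reason about with a small worked example. The following Python is an added illustration written for this page; it is not Illumio code and does not use the Insights data model or API. The record layout, the sample resources and the thresholds (100 MB as "large volume", a 3x Now/Previous ratio as "large increase", a 1 MB floor so tiny resources are not flagged) are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ResourceTraffic:
    """Per-resource counters for the Now and Previous windows.
    Constructed for this example; not Illumio's data model."""
    resource: str
    now_flows: int
    prev_flows: int
    now_bytes: int
    prev_bytes: int
    denied: bool = False


# Constructed sample: steady servers, one sudden large transfer, a moderate
# resource whose volume jumped, and a denied-only source with many flows but
# zero bytes (its connections were blocked before any payload moved).
SAMPLE = [
    ResourceTraffic("web-01", 1200, 1100, 50_000_000, 48_000_000),
    ResourceTraffic("db-02", 300, 280, 900_000_000, 120_000_000),
    ResourceTraffic("app-03", 200, 150, 8_000_000, 1_000_000),
    ResourceTraffic("scanner-src", 5000, 10, 0, 0, denied=True),
    ResourceTraffic("build-07", 40, 35, 2_000_000, 1_900_000),
]


def delta(now: int, prev: int) -> int:
    """Now minus Previous, the delta shown in the External Data Transfer view."""
    return now - prev


def growth(now: int, prev: int) -> Optional[float]:
    """Now/Previous ratio; None when there is no Previous baseline to compare against."""
    return None if prev == 0 else now / prev


def top_n(records: list[ResourceTraffic], metric: str, n: int = 3) -> list[str]:
    """Rank resources by their Now value for 'flows' or 'bytes'."""
    key = f"now_{metric}"
    ranked = sorted(records, key=lambda r: getattr(r, key), reverse=True)
    return [r.resource for r in ranked[:n]]


def dropped_when_switching(records: list[ResourceTraffic], n: int = 3) -> set[str]:
    """Resources present in the flows Top N that vanish from the bytes Top N."""
    return set(top_n(records, "flows", n)) - set(top_n(records, "bytes", n))


def exfil_candidates(
    records: list[ResourceTraffic],
    large_volume: int = 100_000_000,   # assumed absolute threshold (bytes)
    growth_ratio: float = 3.0,         # assumed Now/Previous ratio that counts as a spike
    min_bytes: int = 1_000_000,        # assumed floor so tiny resources are not flagged
) -> dict[str, list[str]]:
    """Flag resources with a large transfer or a large increase, even at moderate volume."""
    flagged: dict[str, list[str]] = {}
    for r in records:
        reasons = []
        if r.now_bytes >= large_volume:
            reasons.append("large volume")
        g = growth(r.now_bytes, r.prev_bytes)
        # No baseline (g is None) with real volume now is itself a jump worth a look.
        if r.now_bytes >= min_bytes and (g is None or g >= growth_ratio):
            reasons.append("large increase")
        if reasons:
            flagged[r.resource] = reasons
    return flagged


if __name__ == "__main__":
    print("Top 3 by flows:", top_n(SAMPLE, "flows"))
    print("Top 3 by bytes:", top_n(SAMPLE, "bytes"))
    print("Dropped when switching to bytes:", dropped_when_switching(SAMPLE))
    for r in SAMPLE:
        print(f"{r.resource:12} bytes delta {delta(r.now_bytes, r.prev_bytes):>12,}")
    print("Exfiltration candidates:", exfil_candidates(SAMPLE))
```

Running it shows the NOTE's effect directly: `scanner-src` leads the flows ranking yet disappears from the bytes ranking because it moved no data, and `app-03` takes its place. The candidate check also flags `app-03`, whose absolute volume is modest but eight times its Previous value, which is exactly the "large increase at moderate volume" case the text tells you not to overlook.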

View flow, IP, and resource details using slide-outs

Slide-outs provide additional information about specific flows, IP addresses, and resources. Click a flow, IP address, or resource to open its slide-out and view additional details.