Risky Traffic
View the traffic patterns that Illumio categorizes as risky. Use these insights to investigate any risky traffic you see, such as sensitive information going to an unknown destination.
Risky Services Traffic
Use these insights to view details about your services and evaluate potentially risky traffic. For example, assume you are concerned about a specific threat actor moving laterally using Port 3389 (RDP). Use these insights to search for such port connections and determine the level of risk. Services are color coded: red indicates high risk, orange indicates medium risk, and yellow indicates low risk.
Top Destination Roles For Workloads using a Service
Use these insights to determine which types of roles, auto-detected by machine learning, your workloads are sending traffic to using specific services, like Port 3389 (RDP). View the mix of roles receiving heavy Port 3389 (RDP) usage to determine whether you should investigate if an unknown role is receiving sensitive information.
Top Workloads using a service and port combination
Use these insights to learn about risky traffic for the top workloads. Hover over a graph line to see its details and click on a graph line to update the Traffic Query Results table. Click an entry (or its checkbox) in the legend to remove or restore it in the graph.
Traffic by Zones for a service and port combination
Use these insights to get information about cross-zone traffic patterns. Dig deeper into port (RDP) traffic, for example. You’ll notice any workloads using an outsized number of such connections.
Workloads Using a service and port combination by Destination Roles
Use these insights to get information about source workloads and which roles receive traffic that Illumio deems to be risky. For example, you could see if a specific port (RDP) is transmitting sensitive information to an unknown destination role.
Traffic Query Results
Filter traffic results by source IP, source zone, port, protocol, and much more. For example, filter the Source Zone column to see all of your Azure sources in one place.
NOTE: Switching between flows and bytes may change your displayed results. Suppose a resource with denied traffic has a large number of flows but zero bytes. In this case, switching the displayed results from flows to bytes would remove the resource from a Top 10 list due to the low byte count, replacing it with another resource that has a higher byte count.
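The effect described in the note, as an added example that is not Illumio code or an Illumio export format: the records and field names below are constructed for illustration, and a Top 3 list stands in for the Top 10. It ranks resources by flows and by bytes for one port and reports which resources disappear from the list when the view is switched to bytes, along with their denied flow counts.

```python
from collections import defaultdict

# Constructed sample flow summaries; resource names and fields are hypothetical.
FLOWS = [
    {"resource": "vm-jump-01", "port": 3389, "decision": "denied",  "flows": 900, "bytes": 0},
    {"resource": "vm-app-01",  "port": 3389, "decision": "allowed", "flows": 120, "bytes": 48_000_000},
    {"resource": "vm-app-02",  "port": 3389, "decision": "allowed", "flows": 80,  "bytes": 5_000_000},
    {"resource": "vm-db-01",   "port": 3389, "decision": "allowed", "flows": 10,  "bytes": 70_000_000},
    {"resource": "vm-app-01",  "port": 3389, "decision": "denied",  "flows": 30,  "bytes": 0},
    {"resource": "vm-web-01",  "port": 443,  "decision": "allowed", "flows": 500, "bytes": 9_000_000},
]

def totals(records, port):
    """Sum flows, bytes and denied flows per resource for one port."""
    agg = defaultdict(lambda: {"flows": 0, "bytes": 0, "denied_flows": 0})
    for rec in records:
        if rec["port"] != port:
            continue
        entry = agg[rec["resource"]]
        entry["flows"] += rec["flows"]
        entry["bytes"] += rec["bytes"]
        if rec["decision"] == "denied":
            entry["denied_flows"] += rec["flows"]
    return dict(agg)

def top_n(records, port, metric, n):
    """Resource names ranked by the chosen metric, highest first (ties by name)."""
    agg = totals(records, port)
    ranked = sorted(agg, key=lambda name: (-agg[name][metric], name))
    return ranked[:n]

def hidden_by_bytes_view(records, port, n):
    """Resources in the top N by flows that are absent from the top N by bytes."""
    agg = totals(records, port)
    by_bytes = set(top_n(records, port, "bytes", n))
    return [(name, agg[name]["denied_flows"])
            for name in top_n(records, port, "flows", n)
            if name not in by_bytes]

if __name__ == "__main__":
    print("Top 3 by flows:", top_n(FLOWS, 3389, "flows", 3))
    print("Top 3 by bytes:", top_n(FLOWS, 3389, "bytes", 3))
    print("Dropped when switching to bytes:", hidden_by_bytes_view(FLOWS, 3389, 3))
```

A resource whose connections are all denied carries zero bytes, so it is worth checking the flows view before concluding that a port has no unusual sources.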
View flow, IP, and resource details using slide-outs
Slide-outs provide additional information about specific flows, IP addresses, and resources. Click each to launch a slide-out and view additional details.