Skip to main content

View traffic filtering (IDS/IPS) metrics

Abstract

Cyber Shield displays the volume of observed and blocked traffic filtering events and the number and percentage of these events that fall into different threat categories.

Cyber Shield displays the volume of observed and blocked traffic filtering events and the number and percentage of these events that fall into different threat categories. To learn more about the threat categories, refer to Traffic Filtering Priorities, Categories, and Protection Levels

These metrics include the Average Volume, Maximum Volume, and Minimum Volume of Observed or Blocked Traffic events for a selected period (24 hours, 7 days, 30 days). You may drill down to a more detailed report by category from the 7-day and 30-day ranges.

View Observed Traffic metrics for Traffic Filtering

The Observed Traffic metrics for Traffic Filtering show the event volume and threat categories for traffic filtering events when the monitored traffic matches a traffic filtering signature that identifies the traffic as a threat regardless of whether that traffic was eventually blocked. To view the metrics, follow the steps below:

  2. Navigate to Shield > Metrics.

  3. Click Observed Traffic in the navigation section on the right.

    By default, the metrics displayed are for the last 24 hours. Note that the Classification Data section breaks down the observed threat categories.

  4. Choose a specific timeframe from the drop-down (last 24 hours, last 7 days, last 30 days).

  5. Clicking on any of the displayed bars in the chart will allow you to drill down to a more detailed report by category from the 7-day and 30-day ranges.

    Note

    The data and timeframe change dynamically in the bar chart. You can drill down to a specific day, and an hourly view is available for each of the last seven days.

  6. Click on any of the table headings of the Classification Data table to sort the table rows based on that column.

View Blocked Traffic metrics for Traffic Filtering

The Blocked Traffic metrics for Traffic Filtering show the event volume and threat categories for blocked traffic identified as threats. To view the metrics, follow the steps below:

  2. Navigate to Shield > Metrics.

  3. Click Blocked Traffic in the navigation section on the right.

    By default, the metrics displayed are for the last 24 hours. Note that the Classification Data section breaks down the blocked threat categories.

  4. Choose a specific timeframe from the drop-down (last 24 hours, last 7 days, last 30 days).

  5. Clicking on any of the displayed bars in the chart will allow you to drill down to a more detailed report by category from the 7-day and 30-day ranges.

    Note

    The data and timeframe change dynamically in the bar chart. You can drill down to a specific day; an hourly view is available for the last seven days.

  6. Click on any of the table headings of the Classification Data table to sort the table rows based on that column.

Tutorial showing how to interact with the Observed Traffic metrics

In this section: