Response Integration Blocks
Preview
Overview
Purpose: The Response Integration Blocks dashboard provides visibility into the block rates and block history associated with security policies. It is designed to help administrators monitor and manage network blocks, particularly those triggered by automated security responses, such as integration with blocklists.
Components: The dashboard includes the following visualizations:
- Current Blockrate
- Total Blocks
- Blockrate
- Top Destination Protocols
- Top Destination Ports
- Block History
Getting Here
- From the main menu, go to Dashboards > All.
- Select the System tab from the top navigation.
- Click on Response Integration Blocks.
Main Points
Usage Scenarios: This dashboard is useful for security administrators who need to monitor active network blocks, understand the volume and frequency of block events, and review the history of blocked sources and destinations.
Best Practices: Regularly review the Blockrate chart and Block History table to identify patterns in block events. Use the destination protocol and port information to gain insight into the nature of blocked traffic.
Charts
Current Blockrate
Description: A metric displaying the current rate of blocked traffic in bits per second (bps).
Usage: Provides a real-time snapshot of the blockrate, which is useful for identifying immediate blocking activity in the network.
Total Blocks
Description: Displays the total number of blocks currently implemented in the network.
Usage: Helps administrators assess the overall volume of active blocks, which can indicate the level of network threats or automated responses in place.
Blockrate
Description: A line chart showing the blockrate over time, measured in bits per second (bps).
Key Elements:
- X-axis: Time.
- Y-axis: Blockrate in bps.
Usage: Useful for tracking blocking activity trends, allowing administrators to identify peaks in block events, which may correspond to attempted network intrusions or policy changes.
Top Destination Protocols
Description: A pie chart that displays the protocols of the top destinations being blocked.
Key Elements:
- Segments: Each segment represents a protocol (e.g., TCP, UDP) with blocked traffic.
Usage: Helps in understanding which protocols are most commonly involved in blocked traffic, potentially revealing common attack vectors.
Top Destination Ports
Description: A pie chart showing the top destination ports involved in blocked traffic.
Key Elements:
- Segments: Each segment represents a destination port.
Usage: Useful for identifying frequently targeted ports in the network, which may highlight vulnerabilities or common entry points used by attackers.
Block History
Description: A table listing historical block events with details including start time, expiration, active status, source, destination, and associated rule or adapter.
Key Elements:
- Columns: Includes details such as start time, expiration, source IP, destination IP, destination ASN, rule applied, and account.
Usage: This table provides a detailed log of block events, supporting in-depth analysis of past blocking activity and helping administrators understand which sources and destinations were involved.
Interpreting the Data
Real-Time Blocking: The Current Blockrate and Total Blocks metrics provide a snapshot of active blocking, allowing administrators to respond quickly to ongoing threats.
Blocking Trends: The Blockrate chart offers insights into blocking patterns over time, helping to identify trends that may correspond to specific threat periods or changes in network security policies.
Protocol and Port Analysis: The Top Destination Protocols and Top Destination Ports charts reveal which protocols and ports are most frequently blocked, which may indicate popular attack vectors.
Additional Features
Metric Selection: Users can choose metrics such as bitrate to tailor the view to specific network data.
Time Range: The dashboard allows users to adjust the time range, facilitating a more focused analysis of blocking trends over specific periods.
Interactive Elements: The SYNC HOVER feature enables synchronized insights across charts, providing a cohesive view of blocking activities and supporting a more integrated analysis.
Updated 17 days ago