Cloud Visibility Reports

Reports provide valuable statistical information that you can use as insights to the network and its general health, and decide accordingly. Multicloud Defense enables you to generate the following reports:

Discovery

The Discovery Report is generated by taking out-of-band traffic information from DNS queries and VPC flow logs, and correlating the data with threat intelligence and cloud inventory information. These logs are only available if you configure the VPC of your cloud service provider to send logs to an S3 bucket. These logs are then transferred directly to the Multicloud Defense Controller.

The report contains:

  • Top of Discovery Report - Network and cloud asset analytics, presented in volume and distinct counts of field values. You can derive insights on what is happening in your cloud environment by quantifying network behavior.

  • Network Traffic – Bytes - This graph displays the volume of bytes by traffic direction. You can view where the volume of bytes is going - Ingress, Egress, or East-West.

  • Network Traffic – Packets - This graph displays the volume of packets by traffic direction. You can view where the volume of packets is going - Ingress, Egress, or East-West.

  • Network Traffic – Events - This graph displays the volume of events by traffic direction. You can view where the volume of events is going - Ingress, Egress, or East-West.

  • Ingress Account Summary - This summary displays the distinct count of cloud assets with ingress network traffic, by CSP. You can view review the flow of assets communicating into a CSP environment.

  • Egress Account Summary - This summary displays the distinct count of cloud assets with egress network traffic, by Cloud Service Provider (CSP). You can view review the flow of assets communicating out of a CSP environment.

  • Ingress Network Events by Country - This geographic heatmap shows the volume of ingress traffic by country. You can view countries that communicate with the cloud environments.

  • Egress Network Events by Country - This geographic heatmap shows the volume of egress traffic by country. You can view countries that communicate with the cloud environments.

  • Top 10 Source Countries - This graph displays the top 10 source countries by volume of events, with other network analytics. This is a summary of the top source countries that the cloud environment is communicating with.

  • Top 10 Destination Countries - This graph displays the top 10 destination countries by volume of events, with other network analytics. This is a summary of the top destination countries that the cloud environment is communicating with.

  • Top 10 Ingress Source IP Addresses - This graph displays the top 10 source IP addresses by volume, with other network analytics. You can view the entities that create the most inbound events.

  • Top 10 Egress Destination IP Addresses - This graph displays the top 10 destination IP addresses by volume, with other network analytics. You can view entities that the cloud environment mostly communicates with.

  • Top 10 FQDN Category Names by Volume - This graph displays the category names by volume for FQDNs. You can view the top category types based on the FQDNs being requested by the cloud environment.

  • Top 10 FQDNs by Volume - This graph displays the top 10 FQDNs by volume. You can view the top FQDNs that are requested by the cloud environment.

  • Top 10 Malicious FQDNs by Volume - This graph displays the top 10 malicious FQDNs by volume. If a malicious or suspicious category name is found, the top FQDNs in that category name is displayed here.

  • FQDN Category Name Mapped to MITRE ATT&CK - This graph displays the top 10 malicious category names mapped to MITRE ATT&CK. This view provides more context on how the FQDN category name relates to an attack chain by using the Enterprise MITRE ATT&CK framework.

Threat Indicators Snapshot

The Cloud Visibility Report - Threat Indicators Snapshot report is a compilation of data on the gateway instance. You can use this report to determine the gateway's endurance under duress by examining traffic patterns, when and how thresholds are met, trends of attacks, and specific instances. The report includes the following points:

  • IDS/IPS Detection - This data shows how many attacks are detected, the type of attack, the time of the detected attacks, and the top ten IDS/IPS signatures over the time range selected.

  • WAF Detection - This data shows how many attacks are detected by WAF rules, the time of the detected attacks, and the top ten WAF signatures over the time range selected.

  • Relocation of Threats by Volume - This choropleth map shows the volume of attacks for both WAF and IDS/IPS events by country in volume.

  • Top Ten Attacking Countries by Volume and Time - This horizontal bar chart depicts the volume of the top 10 countries that during the entirety of the timespan produced the most events, then displayed breaking that volume across the time increments for which the events occurred during the timespan.

  • Policy and Prevention - This data chart shows the action that is taken by the gateway security type in whichever CSP environment it is deployed in. This includes the type of action, how many events generated from the action, the gateway security type and more.

You must have Web Application Firewall (WAF), intrusion detection and prevention (IDS/IPS) rules that are enabled in your policy for the Multicloud Defense Gateway to collect and poll data.

For Additional Information: