The Security Overview page displays the overall impact summary of configured Security services, like Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), URL Categories, URL Reputations, and Malicious IP for all Edges within an Enterprise, based on the metrics collected using the various Enhanced Firewall Services (EFS) engines (IDS/IPS/URL Filtering/Malicious IP).

Note: Under the Monitor tab, the Security Overview option will be visible only if the EFS feature is activated in the Global Settings page.

Monitor Security Overview - Enterprise View

To view the overall impact summary of configured Security services for an Enterprise, in the SD-WAN service of the Enterprise portal, click Monitor > Security Overview. The Security Overview page appears.
In the Security Overview page, you can find the following details:
Overall Impact Summary

Displays the total count of Edges within the Enterprise and total count of Reporting Edges whose traffic was subjected to at least one of the Enhanced Firewall Engines.

Under Reporting Edges, clicking the linked number displays a tabular view of all Edges whose traffic hit at least one EFS engine, along with the Action count details. Hover the mouse over the Action count to view the split count by supported Action types.

To view the EFS Threats details for a specific Edge, click the link to the Edge name. You will be navigated to the Edge-specific Security Overview page. See Monitor Security Overview - Edge View.

IDS/IPS Summary

Displays the total count of IDS/IPS Threats Detected and Prevented for all Edges within the Enterprise, along with the Threat Severity and Action details in a graphical representation. Hover the mouse on the graphs to view specific threat details.

For detailed information about the IDS/IPS Threat distribution, see Monitor IDS/IPS.

URL Category Summary

Displays the total count of URL Categories and Action count details for all Edges within the Enterprise, along with the Top 5 URL Categories details in a graphical representation.

For detailed information about the URL Category Threats distribution, see Monitor URL Filtering.

URL Reputation Summary

Displays the total count of URL Reputation risks and Action count details for all Edges within the Enterprise in a graphical representation.

For detailed information about the URL Reputation Threats distribution, see Monitor URL Filtering.

Malicious IP Summary

Displays the total count of Malicious IP Blocked and Monitored.

For detailed information about the Malicious IP Threats distribution, see Monitor Malicious IP.

Monitor IDS/IPS

To view the IDS/IPS-specific threat details for an Enterprise, click Monitor > Security Overview > IDS/IPS.

The IDS/IPS page is a graphical representation of Threat distribution (Threats Detected/Threats Prevented) based on the metrics collected using the IDS/IPS engines for all Edges within an Enterprise. You can view the Threat distribution of all the Edges using the following two views:

  • Impacted Edge Distribution – Represents a map view of all the IDS/IPS Impacted Edges (by severity) and Protected Edges. The page graphically displays the following IDS/IPS Threat details for an Enterprise:
    • Total count of Edges Impacted
    • Total count of Edges Protected
    • Top Threats Detected filtered "By Count" (Default) or "By Impact"
    • Top Threat Origins filtered "By Country" (Default) or "By IP Address"
    • Top Impacted Edges filtered "By Edge Name"
    • Top Impacted Clients filtered "By IP Address"
  • Impacted Edge List – Represents a tabular view of all the IDS/IPS impacted Edges along with Threat details. The page displays the following details: Name and Description of the impacted Edge, Threat Impact on Edge, and Status of impacted Edge.

Monitor URL Filtering

To view the URL Filtering-specific threat details for an Enterprise, click Monitor > Security Overview > URL Filtering.
The URL Filtering page graphically displays the following URL Categories and URL Reputations threat details for an Enterprise:
  • Total count of URL Categories
  • Total count of URL Category Actions
  • Top URL Categories
  • Top URL Categories filtered by "Action" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
  • Top Edges filtered by "Category Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)
  • Total count of URL Reputations
  • Total count of URL Reputation Actions
  • Top Websites filtered by "URL Reputation" (High Risk, Suspicious, Medium Risk, Low Risk, and Trustworthy) or "Total Count" (Default)
  • Top Edges filtered by "Reputation Actions" (Blocked, Allowed, and Monitored) or "Total Count" (Default)

Monitor Malicious IP

To view the Malicious IP-specific threat details for an Enterprise, click Monitor > Security Overview > Malicious IP.
The Malicious IP page graphically displays the following Malicious IP threat details for an Enterprise:
  • Total count of Blocked Malicious IP
  • Total count of Monitored Malicious IP
  • Top Malicious Destination IPs filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Malicious Categories filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Edges filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)
  • Top Malicious Destination Countries filtered by "Action" (Blocked and Monitored) or "Total Count" (Default)

Monitor Security Overview - Edge View

To view the EFS Threat details for a specific Edge:
  1. In the SD-WAN service of the Enterprise portal, click Monitor > Edges. The list of Edges associated with the Enterprise appears.
  2. Select an Edge by clicking the link to an Edge. The Network Overview page (default page view) appears.
  3. From the Network Overview drop-down menu, select Security Overview.

    The Security Overview page displays the overall impact summary of configured Security services, like IDS/IPS, URL Categories, URL Reputations, and Malicious IP for the selected Edge.