Infrastructure Protection Dashboard

Explore metrics for traffic flowing through Incapsula to your protected networks or IPs. View statistics for your monitored IP ranges. Examine emerging attacks in real-time, or analyze past attacks up to 90 days back. Gain visibility into bandwidth volume, packet rate, traffic type, and PoP utilization.

The displayed data reflects all ingress traffic — from clients to your origin network.


View protected IPs, IP ranges, or monitored ranges


Filter the graphs

Zoom in

View passed, blocked, or total traffic

Switch the format of displayed data

View real-time or historical data

Check connection status


In this topic:

Select a view

Select options for viewing bandwidth and packet rate data. Your selections are reflected in the data displayed in the bandwidth graph (bits per second) and packet rate graph (packets per second), and in the tables below the graph.

Main view

View data for your protected IPs, protected IP ranges, or monitored ranges.

IP Ranges Infrastructure Protection service: For network level DDoS protection. View metrics for your networks or sub networks that are protected by Incapsula from network layer DDoS attacks.
Monitored Ranges Infrastructure Monitoring service: The IP ranges that are monitored by Incapsula to automatically detect attacks and activate the on-demand Infrastructure Protection service.
IP Protection IP Protection service: For IP level DDoS protection. View metrics for your IP addresses that are protected by Incapsula from network layer DDoS attacks.

View by

Overall All traffic.
Ranges View traffic distribution by protected IP range. Displayed when main view selection is IP Ranges.
IPs View traffic distribution by protected IP. Displayed when main view selection is IP Protection.

The global distribution of all incoming traffic across Incapsula PoPs.

For the list of PoP codes and locations, see Incapsula Data Centers (PoPs).

Traffic Type The breakdown of packet types by common protocols and attack vectors.


All Passed traffic and blocked traffic are displayed separately in the graphs.
Total The sum of passed and blocked traffic is displayed as a unified graph.
Passed Clean traffic that is routed through Incapsula and passed on to your protected network.
Blocked DDoS traffic that was blocked by Incapsula.

View bandwidth and packet rate graphs

View bandwidth and packet rate data in side-by-side graphs.

Hover over the graph to focus in on a specific point in time.

In the bandwidth (bits per second) graph, you can compare your data to the blue 95% percentile indicator. For more details on calculation of the 95th percentile, see Account Bandwidth Calculation.

View real-time data

By default, the Infrastructure Dashboard graphs display real-time data. Data resolution is 3 seconds.

Select a filter option to zoom in to a specific time frame in the graph.

Or drag the handles on the navigator below the graph.

View historical data

You can view data for the previous 90-days. Select an option, or choose a custom time period.

You can zoom in to a maximum data resolution of 15 seconds to analyze short attacks.

Click and drag an area of the graph to zoom in. Grab another area to zoom in further.

When zoomed out in the historical graphs, each data point represents the peak values for the time range it covers, such as for the 15 minutes shown in this example.

Check connection status

Check your Infrastructure Protection or IP Protection connection status. Available in real-time view only.

Infrastructure Protection:

IP Protection:

Connection status is displayed in the following format: Connections up x/y (z)

Connections up

Green: All connections are up. This status is also displayed when monitoring is disabled for all connections.

Red: At least one connection is down.

x / y The number of active connections out of the total number of connections.
z The number of connections for which monitoring is disabled. This is not displayed if monitoring is enabled for all connections.

Displays connection status for each connection.

In this example, 16 of a total of 20 connections are up, and monitoring is not disabled for any of the connections.

Here, there are two connections. Monitoring for both connections is disabled.

Filter the graphs


In the legend below a graph:

Click an item to show data for that item only.

To multi-select or clear specific items from the view, use Alt+click.

To select all, double-click an item in the legend.

Show values/distribution

At the bottom of the graph:

Toggle to show actual values or percentage.

Values: Bandwidth in bps. Packet rate in pps.

Distribution: View each PoP, IP range, or traffic type as a percentage of the total traffic.

Drill down to a specific IP range

In the Ranges table, you can view maximum bandwidth and packet rate for all IP ranges, or filter for a specific IP range.

Click an IP range to drill down and display data on the dashboard for that range only.

Note: When viewing historical data and filtering for either passed or blocked traffic, you can select up to a total of 5 IP ranges to view and compare. In the Ranges table, select the ranges you want and then click Apply Selection. The data is updated in the graphs.

View the Event Log

View the log of security events detected by Incapsula.

  Event Description
Infrastructure Protection Connection up (GRE Tunnel/ECX/Cross Connect/..) BGP peer connectivity status has changed to UP.
Connection down (GRE Tunnel/ECX/Cross Connect/..) BGP peer connectivity status has changed to DOWN.
DDoS event has started Incapsula has detected a DDoS attack and has started mitigation. (See SLA for further details.)
DDoS event has stopped The DDoS attack has ended. Incapsula has stopped mitigation. (See SLA for further details.)
Infrastructure Monitoring NetFlow traffic has stopped Netflow/sFlow monitored traffic is not being received. DDoS monitoring is currently inactive.
NetFlow traffic has started Netflow/sFlow monitored traffic is being received properly. DDoS monitoring is active.
Incorrect NetFlow traffic Netflow/sFlow monitored traffic is invalid. DDoS monitoring is currently inactive.
DDoS attack detected Monitored traffic indicated a DDoS attack is in progress.
IP Protection IP is up GRE tunnel monitoring was able to verify that tunnel status is UP. The protected IP is available.
IP is down GRE tunnel monitoring was unable to verify tunnel status. The IP may be down.

Tip: Click Export to CSV to download the event log.

Analyze the data

Take a closer look at an emerging attack in real-time, or analyze a past attack.

What should I look at? What can it tell me?
Overall view
  • A straightforward view of traffic volume on your entire infrastructure.
  • Understand whether an attack took place or is currently underway anywhere on the network.
IP range view
  • Traffic volume trends for each of your network prefixes.
  • Understand which specific prefix had a spike in traffic and/or experienced an attack.
Traffic type view
  • Traffic volume trends for different protocols across your infrastructure.
  • Understand which type of attack vector was used and what traffic was passed or blocked.
PoP view
  • Traffic volume trends for any or all Incapsula PoPs that help handle ingress traffic.
  • Understand the location in the world where the attack is concentrated.
Compare side-by-side bandwidth and packet rate graphs
  • Different attack vectors may vary in intensity of bits (e.g. amplification attacks such as SSDP) or intensity of packets (e.g. SYN flood).

Tip: Filter to see blocked traffic only. Attacks can be multi-vector; filter out the traffic type with the highest value to discover other activity.

  1. Look at overall traffic.

  2. Zoom in on the time frame of an attack.

  3. Switch to View by: Ranges.

  4. Check the graph or IP ranges table to identify the range most impacted by the attack.

  5. Click the specific range in the IP Ranges table to drill down for a closer look.


Read More